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About This Guide 


This guide helps you get started with OES 11 SP2. 


+ 


+ 


+ 


+ 


+ 


+ 


+ 


Chapter 1, “Installing the OES 11 SP2 Server in Your Getting-Started Lab,” on page 9 
Chapter 2, “Installing a NetWare Virtual Machine,” on page 25 

Chapter 3, “eDirectory, Users and Groups, and Identity Services,” on page 43 
Chapter 4, “eDirectory Linux Access (LUM),” on page 57 

Chapter 5, “Novell CIFS,” on page 65 

Chapter 6, “Novell AFP,” on page 69 

Chapter 7, “NetWare CIFS and AFP Access,” on page 73 

Chapter 8, “iFolder 3.9,” on page 77 

Chapter 9, “iPrint,” on page 83 

Chapter 10, “NetStorage,” on page 89 

Chapter 11, “Getting Acquainted with OES,” on page 95 

Appendix A, “Supplementary Information,” on page 115 


Before installing OES 11 SP2 in a production environment, we recommend you become familiar with 
the following additional documentation. 


+ 


+ 


+ 


OES 11 SP2: Readme 
OES 11 SP2: Planning and Implementation Guide 
OES 11 SP2: Installation Guide 


Guide Purposes 


This guide is designed to help you with your transition from NetWare to OES 11 SP2 by helping you 
to get acquainted with basic OES services. 


The information and instructions it contains help you to do the following: 


+ 


+ 


+ 


Install an OES 11 SP2 server into a new eDirectory tree named EXAMPLE_TREE 
Install selected OES 11 SP2 components on the server 


Install an OES 11 SP2 virtual machine host server, create a virtual machine (VM) on the server, 
and install NetWare 6.5 SP8 on the VM 


Create seven different user types, at least one of which should closely align with the users on 
your network 


Perform simple tasks to get acquainted with basic OES 11 SP2 services on a Windows 7 (or 
Windows XP) workstation. 
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Work through the Guide Sequentially 


The sections in this guide are designed to be accessed sequentially, thus guiding you through the 
main tasks of setting up an OES 11 SP2 environment that you can then explore further as desired. 


If You Want to Use This Guide as a Reference 


If you want to install additional OES 11 SP2 servers, create a different tree structure than the one 
specified in this guide, or diverge from the instructions presented, you can still use these instructions 
as a basic outline for setting up OES 11 SP2 services in a getting-started lab environment. However, 
be aware that any divergence from the instructions presented or the order they are presented in, can 
cause ripple effects through the rest of the guide. If you need to diverge, refer to the information 
found in the following guides for assistance: 

+ OES 11 SP2: Planning and Implementation Guide 

¢ OES 11 SP2: Installation Guide 

+ OES 11 SP2: Linux Tips for NetWare Administrators 


e NW65 SP8: Installation Guide 
Feedback 
We want to hear your comments and suggestions about this manual and the other documentation 


included with OES 11 SP2. Please use the User Comments feature at the bottom of each page of the 
online documentation. 


Documentation Conventions 


In this documentation, a greater-than symbol (>) is used to separate actions within a step and items 
within a cross-reference path. 
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Installing the OES 11 SP2 Server in Your 
Getting-Started Lab 


Use the instructions in this section to install Novell Open Enterprise Server 11 SP2 (OES 11 SP2) in 
your getting-started lab. 

+ Section 1.1, “Getting-Started Lab Setup Requirements,” on page 9 

è Section 1.2, “Obtaining Installation Media,” on page 11 

+ Section 1.3, “Double-Checking the Prerequisites,” on page 11 

¢ Section 1.4, “Installing the Server Software,” on page 12 

+ Section 1.5, “Setting the Root Password and Updating the Server,” on page 14 

+ Section 1.6, “Configuring eDirectory and OES Services,” on page 17 

è Section 1.7, “Setting Up the Graphical User Interface,” on page 19 

+ Section 1.8, “Setting Up the Server as an SLP Directory Agent,” on page 19 

¢ Section 1.9, “Accessing iManager,” on page 21 

è Section 1.10, “Configuring the Browser for the eDirectory CA,” on page 22 

+ Section 1.11, “Enabling Pop-Ups for iManager,” on page 23 


1.1 Getting-Started Lab Setup Requirements 


For the tasks and exercises described in this guide, you need the following: 


O A server-class computer with the following: 


Component Minimum Recommended 
Processor Intel EM64T, AMD K8 

(Athlon64) or higher 

processor 
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Component Minimum Recommended 











RAM 1 GB 2 GB 
Display adapter Super VGA VESA 1.2-compliant, high 
resolution 
Display monitor Compatible with adapter 
CD/DVD drive Support for the ElTorito 
specification 
Hard drive 40 GB 


(All data will be erased) 





Network card Ethernet 100 Mbps 





IP address ¢ IP address on the getting- 
started lab subnet. For 
example, 192.168.1.100. 


+ Subnet mask. For 
example, 255.255.255.0. 


+ Default gateway. For 
example, 192.168.1.1. 





Mouse Not required USB or PS/2 


O A network printer with an assigned static IP address and a connection to your getting-started 
lab network. 


O A Windows workstation with 
+ One of the following platforms installed: 
¢ Windows 7 
+ Windows XP 
+ An Ethernet 100 Mbps adapter 
+ An IP address on the same subnet as the server 


e Mozilla Firefox browser installed. (This is optional, but Firefox is the assumed browser for 
most of the instructions in this guide) 


+ A print driver installed on the workstation for the network printer listed above. 
O (Optional for exploring Novell AFP and iPrint) An Apple Macintosh workstation with 
¢ Mac OS 10.4 or later installed 
Novell AFP supports earlier versions of Mac OS, but iPrint doesn’t. 
+ An Ethernet adapter 
+ An IP address on the same subnet as the server 


+ A print driver installed on the workstation for the network printer listed above. 
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1.2 Obtaining Installation Media 


To complete the instructions in this guide, you need to download various ISO files, depending on 
your hardware. 


¢ Section 1.2.1, “Downloading the ISO File,” on page 11 
è Section 1.2.2, “Creating the Installation Media,” on page 11 


1.2.1 Downloading the ISO File 


1 Go to “Downloading OES 11 SP2 Software from the Novell Web Site” in the OES 11 SP2: 
Planning and Implementation Guide. 


2 Complete all the steps in the section, except the instructions on deciding which files to 
download. The file you need for the exercises in this guide is 


* OES11-SP2-addon_with SLES11-SP3-x86 64-DVD.iso 


3 Be sure to print the pages as instructed, record the two activation codes, print and check the 
MD5 verification checksum, and so on. 


4 After you have downloaded the file, continue with Creating the Installation Media. 


1.2.2 Creating the Installation Media 


To prepare physical installation media: 


1 Go to “Preparing Physical Media for a New Server Installation or an Upgrade ” in the OES 11 
SP2: Installation Guide and use the instructions there to create media for installing your OES 11 
SP2 server. 


Continue with Installing the Server Software. 


1.3 Double-Checking the Prerequisites 


Before installing OES 11 SP2 on your server, you must complete the following tasks: 


C Ensure that the server computer meets the requirements outlined in Section 1.1, “Getting- 
Started Lab Setup Requirements,” on page 9. 


Oo Prepare the software for installation as explained in Section 1.2, “Obtaining Installation Media,” 
on page 11. 
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1.4 Installing the Server Software 





WARNING: This procedure permanently erases any data currently on your server's hard drive. 





1 Prepare the BIOS on your server machine so that it will boot from the CD-ROM drive first. 


2 Insert the DVD you prepared in “Creating the Installation Media” on page 11 into your server 
and reboot the machine. 


3 When the boot selection page appears, immediately press the Down-arrow key to select the 
Installation option, then press Enter. 


If you don’t respond before the machine starts booting from the hard disk, reboot the server and 
repeat this step. 


4 After the boot process finishes, select a Language and Keyboard Layout, read and agree to the SLES 
11 SP3 software license agreement, then click Next. 


5 Read and agree to the software license agreement for OES 11 SP2, then click Next. 


6 Verify that New Installation is selected, select the Include Add-On Products from Separate Media 
option, then click Next. 


7 Make sure the Yes, Run the Network Setup option is selected and click Next. 


8 Use the following table to navigate and configure your server. 


Page Name Action 


Network Setup 1. (Conditional) If your server has multiple network 
cards, select the card the server will use during the 
install, then click Next. 


The page refreshes. 
2. Select Static Address Setup. 


3. In the IP Address field, type the IP address for the 
server. For example, 192.168.1.100 


4. In the Netmask field, type the subnet mask for your 
network. For example, 255.255.255.0. 


5. In the Default Gateway IP field, type the IP address of 
the gateway for your getting started lab subnet. For 
example 192.168.1.1. 


6. Inthe DNS Server IP field, type the IP address of a 
primary DNS server for your network. 


7. Click OK. 





Add-On Product Installation 1. Confirm that Novell Open Enterprise Server 11 SP2 is 
listed as an add-on product, then click Next. 





Clock and Time Zone 1. Select the region and time zone for the server and 
click Next. 
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Page Name Action 


Server Base Scenario 1. 


Make sure that the Physical Machine option is 
selected, then click Next. 





Installation Settings 1. 


Click Partitioning. 


9 To ensure a clean install, use the following table to navigate the partitioning pages and prepare 


your system disk. 


Page Name Action 


Preparing Hard Disk: Step 1 1. 
2. 


Select Custom Partitioning (for experts). 
Click Next. 





Expert Partitioner 1. 


Double-click the device entry for the disk you are 
installing to. 


. Click Expert (just above the Accept button), click 


Create New Partition Table, then click OK > Yes. 


WARNING: This erases all data from the disk you 
are installing to. 


. Click Add. 





Add Partition on device_name 1. 


With Primary Partition selected, click Next. 


. Inthe Custom Size field, type 200 MB, then click Next. 
. Inthe Mount Point drop-down list, select /boot, then 


click Finish. 


. Click Add > Next. 


5. In the Custom Size field, type a size roughly twice the 


10. 


amount of RAM installed on the server. For 
example, if the server has 1 GB RAM installed, type 
2048 MB, then click Next. 


. Inthe File system drop-down list, select Swap, then 


click Finish. 


. Click Add > Next. 
. Inthe Custom Size field, type 10 GB, then click Next. 


. Inthe File system drop-down list, make sure that / is 


selected, then click Finish. 


Click Accept. 


10 On the Installation Settings page, click Software. 


Use the following table to navigate and configure the software pages: 
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Page Name Action 
Software Selection and System 1. Under OES Services, select (or confirm the selection 
Tasks of) the following: 
+ Novell AFP 
+ Novell CIFS 
+ NetIQ eDirectory* 
¢ Novell iFolder 
+ Novell iManager 
¢ Novell iPrint 
+ Novell NCP Server/Dynamic Storage Technology* 
+ Novell NetStorage 
+ Novell Storage Services* 


Services marked with an asterisk (*) are selected 
when you click Novell AFP. 


Although they are not listed, Novell Backup/Storage 
Management Services (SMS), Novell Linux User 
Management, and Novell Remote Manager are 
installed on every OES 11 SP2 server. 











2. Click OK. 
agfa fonts 1. Click Accept. 
Installation Settings 1. Click Install. 
Confirm Installation 1. Click Install. 


11 If you are prompted for additional input during the configuration, accept the default actions. 


12 Continue with Setting the Root Password and Updating the Server. 


1.5 Setting the Root Password and Updating the Server 


After the initial system configuration and system reboot, the installation needs a password for the 
root user. It also needs to update the system with the latest software. 


1 Use the following table to navigate and complete the various configuration pages. 
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Page Name 


Password for the System 
Administrator “root” 


Action 


1. Enter and confirm the root user password, then 
click Next. 





Hostname and Domain Name 


1. If your DHCP server is working correctly, the server 
hostname should appear in the Host Name field. If 
not, type the hostname for the IP address you are 
assigning to the server. For example, myserver. 


2. Inthe Domain Name field, if the DNS Domain Name 
isn’t already populated for your network, type the 
domain name for the server. For example, 
mysite.company.example.com. 


3. Deselect Change Hostname via DHCP. 
4. Click Next. 





Network Configuration 


1. Click Next. 


You configured the network in Section 1.4, 
“Installing the Server Software,” on page 12. 





Test Internet Connection 


You will need to register your server on the Internet to 
download the latest patches, so you should test the 
Internet connection at this point to make sure that 
everything is configured correctly. 


1. Select the option to test the connection. 
2. Click Next. 





Running Internet Connection 
Test 


Novell Customer Center 
Configuration 


After a few moments, the Test Status should indicate 
Success. 


If it does not, you need to click Back and fix your network 
configuration and the connection to the Internet. It is 
essential that OES 11 SP2 servers always have the latest 
security and other critical patches downloaded and 
installed. 


1. Click Next. 
1. Click Next. 


The server establishes a connection with the Novell 
Customer Center. 





Manual Interaction Required 


1. Click Continue. 


Installing the OES 11 SP2 Server in Your Getting-Started Lab 


15 


Page Name 


Novell Customer Center 
System Registration 


Action 


1. 


In the fields indicated, type and confirm the e-mail 
address to which you want administrative 
notifications sent. 


. Inthe Activation code for SLES components field, type 


the SLES activation code you noted or printed while 
downloading the image files. 


If this code is not entered, the server can’t download 
updates and patches through the Novell patch 
channels. For the OES 11 SP2 release, downloading 
the SLES patches is critical for service configuration 
success. 


. Inthe Activation code for OES components field, type 


the OES 11 SP2 activation code you noted or printed 
while downloading the image files. 


If this code is not entered, the same patch channel 
restriction applies as for SLES. 


. Click Submit. 


Your registration information is sent to the 
Customer Center. This might take a couple of 
minutes to complete. 


. Click Continue. 


The update server is added to your system 
configuration. Again, this might take a few minutes. 





Novell Customer Center 
Configuration pop-up 


. Click OK. 





Online Update 


Depending on the patches that are in the Update 
channels, you might need to run the update process 
more than once. 


1. 
2. 
3. 


Select Run Update, then click Next. 
Click Accept. 


If you see one or more YaST pop-ups indicating that 
changes have been made to resolve dependencies, 
click Continue. 


If you see pop-ups indicating that you have selected 
patches that should be installed later, click Cancel. 


The update patches are downloaded and installed. 


. Click Next > OK. 


The system restarts. 


. Repeat from Step 2 until no more patches are 


selected for installation. 





Network Services 
Configuration 


. Because the system reboots due to a kernel changes, 


you must type and confirm the root password, then 
click OK. 


. Click Next. 
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2 Continue with Configuring eDirectory and OES Services. 


1.6 Configuring eDirectory and OES Services 


For the exercises in this guide, you need specific eDirectory, NTP, and SLP configurations. 


1 Use the following table to navigate and complete the eDirectory pages: 
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Page Name 


Novell Open Enterprise Server 


Configuration 


Action 


1. Click Next. 





Express Installation 


. Inthe NTP Time Server field, type the IP address or DNS 


name of the reliable, external Network Time Protocol 
(NTP) server you want the servers in your tree to use for 
time synchronization. 


2. In the eDirectory Tree Name field, type EXAMPLE_TREE. 
3. In the FDN of the tree administrator field, type 


CN=admin.O=COMPANY. 


In this guide, the Admin User object is named admin 
(all lowercase) to differentiate the name from the object 
itself (Admin User), which is a standard eDirectory 
object and is always capitalized in the documentation by 
convention. 


The eDirectory Admin User object can have any name 
you choose, although most administrators use “admin.” 


In this guide, all container objects, such as COMPANY, 
are created in uppercase so they are more easily 
distinguished in the illustrations and procedures. 


. Inthe Admin Password and Verify Admin Password fields, 


specify the password for the eDirectory Admin User. 


. Change the server context to 


OQU=SERVERS . OU=LAB .O=COMPANY. 


6. Click Next. 
7. Click Yes to confirm that SLP is being configured for 


multicast at this time. 


Later in this guide you will configure this server as the 
SLP Directory Agent. For more information on SLP, see 
“SLP” in the OES 11 SP2: Planning and Implementation 
Guide. 





Novell Open Enterprise Server 
Configuration 


. Click Next. 


The eDirectory and iManager configuration processes 
can take a few minutes or much longer depending on 
the server processor speed, etc. The other OES services 
should self-configure fairly quickly. 





User Authentication Method 


1. Click Next. 





New Local User 


The local root user was created during the SLES install. On 
OES servers, we recommend that all users except root be 
defined in eDirectory. Therefore, you don’t create additional 
local users. 


1. Click Next. 





Empty User Login 


1. Click Yes. 
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Page Name Action 


Release Notes 1. Click Next. 


The official OES 11 SP2: Readme is published with the 
OES 11 SP2 Online Documentation. 


2 Continue with Setting Up the Graphical User Interface. 


1.7 Setting Up the Graphical User Interface 


Although most Linux servers don’t have a graphical user interface loaded, the getting-started lab 
server you are installing runs the GNOME interface by default. 


When the Hardware Configuration page appears: 
1 Review the Graphics Cards configuration to make sure your monitor was detected and that your 
color and resolution settings are the way you want them. 
If the settings are correct, skip to Step 3. 


2 Ifthe configuration is incomplete or wrong, click the blue links to configure your monitor, color, 
resolution, etc. 


3 Click Next. 


4 When the Installation Completed page appears, deselect Clone This System for Autoyast, then click 
Finish. 


5 When the login splash page appears, continue with Setting Up the Server as an SLP Directory 
Agent. 


1.8 Setting Up the Server as an SLP Directory Agent 


For OES services to work, the server must have one of the following: 


+ An eDirectory replica installed on the server. This is not automatic after the third server 
installed in a tree because it is not recommended to have more than three to five replicas in the 
tree. 


This means that in a large network with many servers, most of the servers won't have replicas, 
which leaves only the OpenSLP option. 


Installing the OES 11 SP2 Server in Your Getting-Started Lab 19 


20 


+ OpenSLP running on the server with eDirectory as a registered service. This means that you 
should configure a network server (for example, the first server in the tree) as an SLP Directory 
Agent (DA), and then configure the other network servers that don’t have an eDirectory replica 
to point to the DA server. 


For the getting-started lab setup, you don’t actually need a Directory Agent set up because each of the 
two getting-started lab servers (this server and the NetWare VM) has an eDirectory replica. However, 
it’s important to understand the basics of setting up SLP on OES 11 SP2. For more information, see 
“SLP” in the OES 11 SP2: Planning and Implementation Guide. 
1 Log in to the server as root. 
2 Configure the server as an SLP DA server: 
2a Click Computer > Nauilus File Browser. 
2b In the left panel, double-click File System, then double-click the etc directory. 
2c Scroll down to the slp.conf file, right-click the file, and select Open with gedit. 
2d Inslp.conf, find the following line: 
jnet.slp.useScopes = myScopel, myScope2, myScope3 
2e Remove the semicolon (;) and change the line as follows: 
net.slp.useScopes = Directory 
2f Find: 
jnet.slp.isDA = true 
2g Remove the semicolon (;) so that it reads: 
net.slp.isDA = true 
2h Save and close the file and the file browser. 
3 Configure the firewall on the DA server to allow SLP daemon traffic: 
3a Click Computer > YaST, then click Security and Users > Firewall. 
3b In the left navigation frame, click Allowed Services. 
3c Click the Services to Allow drop-down list and select Openslp server (SLP). 
3d Click Add > Next. 
3e Click Finish. 
4 Restart OpenSLP and eDirectory: 
4a Right-click the desktop and select Open in Terminal. 


4b At the command prompt, enter the following command to restart the SLP daemon with the 
changed configuration: 


reslpd restart 
4c Restart eDirectory by entering the following command: 
rendsd restart 
This registers eDirectory as an SLP service. 
5 Verify that OpenSLP is running as expected. 
5a After eDirectory restarts, enter the following command: 
slptool findsrvs service:ndap.novell 


After a moment or two, the system should respond with a line that indicates 
EXAMPLE_TREE is being advertised as a service in SLP. 
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5b Close the terminal by entering the following command: 
exit 


6 Continue with Accessing iManager. 


Accessing iManager 





IMPORTANT: You must access iManager multiple times in this guide. If you get a Tomcat error in 
response to any launch requests, see Section A.2, “iManager Tomcat Error,” on page 118. 





NetIQ iManager is the main browser-based tool you use to manage eDirectory and your OES 
services. 


To start iManager and prepare your browser for future sessions: 
1 On your getting-started lab workstation, in your Web browser, open the OES 11 SP2 Welcome 
page by entering the following URL: 
http://IP_or_ DNS 
where IP_or_DNS is the IP address or DNS name of your OES 11 SP2 server. 
2 Click the Management Services tab. 
3 On the Available Services page, click iManager. 


You can also start iManager directly by including /nps after IP_or_DNS in the access URL. For 
example, enter http: //192.168.1.100/nps. 


4 You should receive a security alert, such as a warning that the connection is not trusted. 
Select the options to continue, such as I Understand the Risks > Add Exception. 


5 Make sure that the option to permanently store the exception is selected if available, then 
confirm the exception. 


6 Log inas the eDirectory Admin user: 
6a In the Username field, type admin. 
6b In the Password field, type the eDirectory Admin user password. 
6c In the Tree field, type example_tree. 


If SLP services are not working properly, you need to enter the IP address instead of the tree 


name. 
6d Click Login. 


7 Do not close iManager. Continue with the next section, Configuring the Browser for the 
eDirectory CA. 
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1.10 Configuring the Browser for the eDirectory CA 


If you didn’t receive an offer to permanently store the security warning exception, you can configure 
your Web browser to trust the eDirectory-based certificate authority by completing the instructions 
in the next two sections. Otherwise, skip to Section 1.11, “Enabling Pop-Ups for iManager,” on 
page 23. 

+ Section 1.10.1, “Exporting the CA’s Self-Signed Certificate,” on page 22 

¢ Section 1.10.2, “Importing the CA Certificate into Mozilla Firefox on Windows,” on page 22 


+ Section 1.10.3, “Importing the CA Certificate into Windows Explorer on Windows,” on page 23 


1.10.1 Exporting the CA’s Self-Signed Certificate 


In iManager, click the Roles and Tasks icon g. 

Click Novell Certificate Server > Configure Certificate Authority. 

Click the Certificates tab, then select the check box for the self-signed certificate. 
Click the Export sub-tab. 

Deselect Export Private Key. 

The Export Format changes to DER. 

Click Next. 


7 Click Save the Exported Certificate and save the file to disk, noting the filename and location if 
indicated. 


8 Click Close > OK. 


9 Find the file you just saved. By default it is usually on the desktop for Windows XP and in the 
username/Downloads folder for Windows 7. 
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10 To configure Mozilla Firefox on Windows, continue with Importing the CA Certificate into 
Mozilla Firefox on Windows. 


Instructions for configuring other browsers are in “Eliminating Browser Certificate Errors” in 
the OES 11 SP2: Planning and Implementation Guide. 


1.10.2 Importing the CA Certificate into Mozilla Firefox on Windows 


1 In Firefox on the menu bar, click Tools > Options 





TIP: If the menu bar isn’t visible, you can press F10 to toggle it on and off. 





2 Select the Advanced tab. 

3 Select the Encryption tab. 

4 Click the View Certificates button. 

5 Select the Authorities tab, then click Import. 
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6 Browse to the certificate file you downloaded in “Exporting the CA’s Self-Signed Certificate” on 
page 22 and click Open. 


7 Select Trust this CA to identify Web sites, then click OK > OK > OK. 
Firefox now trusts certificates from the servers in your getting-started lab’s tree. 


8 To verify success, close all instances of Firefox, then restart the browser and log in to iManager 
again. 
The certificate warning doesn’t appear. 


1.10.3 Importing the CA Certificate into Windows Explorer on Windows 


1 In Internet Explorer, click Tools > Internet Options. 


TIP: If the menu bar isn’t visible, you can press F10 to toggle it on and off. 





Click the Content tab. 

Click the Certificates button. 

Select the Trusted Root Certification Authorities tab. 
Click the Import button. 

Click Next. 


Browse to the certificate file you downloaded in “Exporting the CA’s Self-Signed Certificate” on 
page 22 and click Open. 


Click Next. 
9 Click Finish > Yes > OK > Close > OK. 
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1.11 Enabling Pop-Ups for iManager 


Some iManager plug-ins use pop-up dialog boxes that are blocked by most browsers. To use 
iManager, you must enable pop-ups that originate from the servers where iManager is running. 


1.11.1 Firefox 


1 On the Firefox menu bar, click Tools > Options > Content. 
2 Disable all pop-up blocking by deselecting the Block Popup Windows option and clicking OK. 
or 
Add the getting-started lab server to the list of exceptions by doing the following: 
2a Click the Exceptions button. 
2b In the Address of Web Site field, type the OES 11 SP2 getting-started lab server's IP address. 
2c Click Allow > Close. 
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1.11.2 Internet Explorer 


1 On the Command bar, click Tools > Pop-up Blocker > Turn Off Pop-up Blocker. 
2 Click Yes. 


Continue with Chapter 2, “Installing a NetWare Virtual Machine,” on page 25. 
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2.1 


Installing a NetWare Virtual Machine 


Use the instructions in this section to install an Open Enterprise Server 11 SP2 (OES 11 SP2) virtual 
machine host server in your getting-started lab, create a virtual machine on the server, and install 
NetWare 6.5 SP8 on the virtual machine. 


This section describes the following: 


¢ Section 2.1, “Virtualization Host Server Requirements,” on page 25 
è Section 2.2, “Installing the Virtualization Host Server,” on page 26 
+ Section 2.3, “Installing the NetWare 6.5 SP8 Virtual Machine,” on page 34 


Virtualization Host Server Requirements 


For the tasks and exercises described in this section, you need the following in addition to those listed 
in Section 1.1, “Getting-Started Lab Setup Requirements,” on page 9. 


O A server-class computer with the following: 














Component Minimum Recommended 
Computer A server-class computer with 

an Intel EM64T, AMD K8 

(Athlon64) or higher 

processor 
Memory 1 GB RAM 2 GB RAM 
Video card and monitor 1024 X 768 resolution or 

higher with 256 colors 
CD/DVD drive CD/DVD drive 
Hard drive 40 GB (All data will be erased) 
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Component Minimum Recommended 


Network card Ethernet 100 Mbps 





IP address ¢ IP address on the getting- 
started lab subnet. For 
example, 192.168.1.100. 


+ Subnet mask. For 
example, 255.255.255.0. 


+ Default gateway. For 
example, 192.168.1.1. 





Mouse Not required USB or PS/2 


Installation software. 


If you need to download and prepare different media than you used for the first server, go to 
Section 1.2, “Obtaining Installation Media,” on page 11. 





IMPORTANT: For installing the virtualized NetWare 6.5 SP8 guest server, you download the 
NetWare DVD ISO file to the VM host server desktop after the host server is installed and 
running. 





2.2 Installing the Virtualization Host Server 


Although it is possible to install NetWare 6.5 SP8 on a SUSE Linux Enterprise Server (SLES) server 
that has no OES services installed, we recommend that you install the basic OES 11 SP2 services on 
the host server to provide backup services through SMS and management services through Novell 
Remote Manager. 


IMPORTANT: Virtualized NetWare in Xen is an OES product feature. Support of NetWare in a Xen 
virtual machine is available to only OES registered customers. 





Complete the instructions in the following sections. 


+ 


+ 


+ 


Section 2.2.1, “Prerequisites,” on page 27 
Section 2.2.2, “Starting the Installation,” on page 27 


Section 2.2.3, “Setting the Root Password, Configuring the Network, and Updating the Server,” 
on page 30 


Section 2.2.4, “Configuring LDAP and OES Services,” on page 33 
Section 2.2.5, “Setting Up the Graphical User Interface,” on page 34 
Section 2.2.6, “Booting with the Xen Kernel,” on page 34 
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2.2.1 


2.2.2 


Prerequisites 


Before installing OES 11 SP2 on your server, you must complete the following task: 


O Ensure that the server computer meets the requirements outlined in Section 2.1, “Virtualization 
Host Server Requirements,” on page 25. 


Starting the Installation 





WARNING: This procedure permanently erases any data currently on your server’s hard drive. 





1 Prepare the BIOS on your server machine so that it will boot from the CD-ROM drive first. 


2 Insert the DVD you prepared in “Creating the Installation Media” on page 11 into your server 
and reboot the machine. 


3 When the boot selection page appears, immediately press the Down-arrow key to select the 
Installation option, then press Enter. 


If you don’t respond before the machine starts booting from the hard disk, reboot and repeat this 
step. 


After the boot process finishes, select a Language and Keyboard Layout. 

Read and agree to the software license agreement, then click Next. 

Read and agree to the OES 11 SP2 software license agreement, then click Next. 
If prompted to insert additional media, click Retry. 


Verify that New Installation is selected, select the Include Add-On Products from Separate Media 
option, then click Next. 
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9 Make sure the Yes, Run the Network Setup option is selected and click Next. 


10 Use the following table to navigate and configure your server. 


Page Name Action 


Network Setup 1. (Conditional) If your server has multiple network 
cards, select the card the server will use during the 
install, then click Next. 


The page refreshes. 
2. Select Static Address Setup. 


3. In the IP Address field, type the IP address for the 
server. For example, 192.168.1.100 


4. In the Netmask field, type the subnet mask for your 
network. For example, 255.255.255.0. 


5. In the Default Gateway IP field, type the IP address of 
the gateway for your getting started lab subnet. For 
example 192.168.1.1. 


6. Inthe DNS Server IP field, type the IP address of a 
primary DNS server for your network. 


7. Click OK. 





Add-On Product Installation 1. Confirm that Novell Open Enterprise Server 11 SP2 is 
listed as an add-on product, then click Next. 
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Page Name Action 





Clock and Time Zone 1. Select the region and time zone for the server and 
click Next. 
Server Base Scenario 1. Make sure that the Physical Machine option is 


selected, then click Next. 





Installation Settings 1. Click Partitioning. 


11 To ensure a clean install, use the following table to navigate and configure the partitioning 
pages: 
Page Name Action 


Preparing Hard Disk—Step1 1. Select Custom Partitioning (for experts). 
2. Click Next. 





Expert Partitioner 1. Double-click the device entry for the disk you are 
installing to. 


2. Click Expert (just above the Accept button), click 
Create New Partition Table, then click OK > Yes. 


WARNING: This erases all data from the disk you 
are installing to. 


3. Click Add. 
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Page Name 


Add Partition on device_name. 


Action 


1 


With Primary Partition selected, click Next. 


. In the Custom Size field, type 200 MB, then click Next. 
. Inthe Mount Point drop-down list, select /boot, then 


click Finish. 


. Click Add > Next. 


5. In the Custom Size field, type a size roughly twice the 


amount of RAM installed on the server. For 
example, if the server has 1 GB RAM installed, type 
2 GB, then click Next. 


. Inthe File system drop-down list, select Swap, then 


click Finish. 


. Click Add > Next. 
. Inthe Custom Size field, type 10 GB, then click Next. 
. Inthe Mount Point drop-down list, make sure that / 


is selected, then click Finish. 


This is the partition where you install the VM host 
server. 


. Click Add > Next. 
. Inthe Custom Size field, type 25 GB, then click Next. 
. Inthe File System drop-down list, select Ext2. 


Operating systems running in paravirtual mode 
should run their kernels on non-journaling file 
systems, such as Ext2. 


. Inthe Mount Point field, type /vm. 
. Click Finish. 
. Click Accept. 


12 On the Installation Settings page, scroll down and click Software. 


Use the following table to navigate and configure the software pages. 


Page Name 


Software Selection and 
System Tasks 


Action 


1. 


3. 


Under Open Enterprise Services, select Novell Backup / 
Storage Management Services (SMS). 


Notice that Novell Linux User Management and Novell 
Remote Manager are also selected by default. 


These three are the only OES 11 SP2 services that are 
supported to run directly on a Xen virtualization 
host server. 


All OES 11 SP2 services are supported to run on Xen 
guest servers. 


. Under Primary Functions, select Xen Virtual Machine 


Host Server . 
Click OK. 
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Page Name Action 








agfa fonts 1. Click Accept. 
Installation Settings 1. Click Install. 
Confirm Installation 1. Click Install. 


After the files are copied, the system configuration 
takes a few minutes to complete. 


13 If you are prompted for additional input during the configuration, accept the default actions. 


14 Continue with Setting the Root Password, Configuring the Network, and Updating the Server. 


2.2.3 Setting the Root Password, Configuring the Network, and Updating the 
Server 


After the initial system configuration and system reboot, the installation needs more information 
about the root user and the network. 


1 Use the following table to navigate and complete the various configuration pages. 
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Page Name 


Password for the System 
Administrator “root” 


Action 


1. Enter and confirm the root user password, then 
click Next. 





Hostname and Domain Name 


1. If your DHCP server is working correctly, the server 
hostname should appear in the Host Name field. If 
not, type the hostname for the IP address you are 
assigning to the server. For example, myvmhost. 


2. Inthe Domain Name field, if the DNS Domain Name 
isn’t already populated for your network, type the 
domain name for the server. For example, 
mysite.company.example.com. 


3. Deselect Change Hostname via DHCP. 
4. Click Next. 





Network Configuration 


1. Click Network Interfaces. 





Network Card Configuration 
Overview 


1. If your server has multiple network cards, select the 
card the server will use. 


2. Click Edit. 


3. Select No Link and IP Setup (Bonding Slaves) and click 
Next. 





Network Settings 


1. Click the Hostname/DNS tab. 


2. Make sure that the configuration information is 
accurate and complete. 


3. Click the Routing tab. 


4. Make sure that the Default Gateway IP address is 
correct. 


5. Click OK. 





Network Configuration 


1. Click Next. 





Test Internet Connection 


You will need to register your server on the Internet to 
download the latest patches, so you should test the 
Internet connection at this point to make sure everything 
is configured correctly. 


1. Select the option to test the connection. 
2. Click Next. 





Running Internet Connection 
Test 


After a few moments, the Test Status should indicate 
Success. 


If it does not, you need to click Back and fix your network 
configuration and the connection to the Internet. It is 
essential that OES 11 SP2 servers always have the latest 
security and other critical patches downloaded and 
installed. 


1. Click Next. 
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Page Name Action 


Novell Customer Center 1. 


Configuration 


Click Next. 


The server establishes a connection with the Novell 


Customer Center. 





Manual Interaction Required 1. 


Novell Customer Center 1. 


System Registration 


Click Continue. 


In the fields indicated, type and confirm the e-mail 
address to which you want administrative 
notifications sent. 


. Inthe Activation code for SLES components field, type 


the SLES activation code you noted or printed while 
downloading the image files. 


If this code is not entered, the server can’t download 
updates and patches through the Novell patch 
channels. For the OES 11 SP2 release, downloading 
the SLES patches is critical for service configuration 
success. 


. Inthe Activation code for OES components field, type 


the OES 11 SP2 activation code you noted or printed 
while downloading the image files. 


If this code is not entered, the same patch channel 
restriction applies as for SLES. 


. Click Submit. 


Your registration information is sent to the 
Customer Center. This might take a couple of 
minutes to complete. 


. Click Continue. 


The update server is added to your system 
configuration. Again, this might take a few minutes. 





Novell Customer Center 1. 


Configuration pop-up 


Click OK. 





Online Update Depending on the patches that are in the Update 
channels, you might need to run the update process 
more than once. 


1. 
2. 


Select Run Update, then click Next. 
Click Accept. 


Continue through any notifications that appear. The 
update patches are downloaded and installed. 


. When Patch Installation Finished displays below the 


Progress Log, Click Next > OK. 
If the kernel has been updated, the system restarts. 


. Repeat from Step 2 until the Network Services 


Configuration page displays. 
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Page Name Action 


Network Services 1. Because the system restarted due to a kernel 
Configuration changes, you must type and confirm the root 
password, then click OK. 


2. Click Next. 


2 Continue with Configuring LDAP and OES Services. 


2.2.4 Configuring LDAP and OES Services 


The VM host server is not created as an object in eDirectory, but it uses eDirectory LDAP for the OES 


11 SP2 services installed on it. 


1 Use the following table to navigate and complete the eDirectory pages: 


Page Name Action 


Configured LDAP Servers 1. Type the eDirectory tree name 
(example_tree) and Admin name and 
context (cn=admin.o=company), and Admin 
password. 


2. Click Add and add the OES lab server as the 
LDAP server. 


3. Click Next. 





Novell Open Enterprise 1. Click Next. 


Server Configuration The configuration settings are saved for the 


OES services you've installed. 





User Authentication Method 1. Click Next. 


New Local User The root user was created during the SLES 
install. On OES servers (including virtualization 
host servers), we recommend that all users 
except root be defined in eDirectory. Therefore, 
you don’t create additional local users. 


1. Click Next. 





Empty User Login 1. Click Yes. 





Release Notes 1. Click Next. 


The official OES 11 SP2 Release Notes (http:/ 
/www.novell.com/documentation/oes11/ 
oes_readme/data/readme.html) are 
published with the OES 11 SP2 Online 
Documentation (http://www.novell.com/ 
documentation/oes11/oes_readme/data/ 
readme.html). 


2 Continue with Setting Up the Graphical User Interface. 
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2.2.5 Setting Up the Graphical User Interface 


When the Hardware Configuration page appears: 


1 


Review the Graphics Cards configuration to make sure your monitor was detected and that your 
color and resolution settings are the way you want them. 


If the settings are correct, skip to Step 3. 


(Conditional) If the configuration is incomplete or wrong, click the blue links to configure your 
monitor, color, resolution, etc. 


3 Click Next. 
4 When the Installation Completed page appears, deselect Clone This System for Autoyast and click 


Finish. 


Continue with Booting with the Xen Kernel. 


2.2.6 Booting with the Xen Kernel 


By default, the OES 11 SP2 server doesn’t load the Xen kernel required for hosting virtual machines. 
To configure the server to boot the Xen kernel by default: 
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N Oo 8 BB WN RF 


Log in to the server as root. 

On the desktop, click Computer > YaST. 

Click System > Boot Loader. 

Select the XEN option and click Set as Default. 

Click OK. 

Restart the server by clicking Computer > Shutdown > Restart and enter the root password. 
Continue with Installing the NetWare 6.5 SP8 Virtual Machine. 


Installing the NetWare 6.5 SP8 Virtual Machine 


After preparing the virtualization host server, complete the following instructions. For complete 
information and instructions, see the Novell Virtualization Technology documentation Web site 
(http://www.novell.com/documentation/vmserver/index.html). 


+ 


+ 


+ 


Section 2.3.1, “Disabling the Alt+Esc Shortcut on the VM Host Server,” on page 35 
Section 2.3.2, “Downloading the NetWare ISO File,” on page 35 
Section 2.3.3, “Creating a Virtual Machine and Installing NetWare,” on page 35 
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2.3.1 Disabling the AlttEsc Shortcut on the VM Host Server 


Alt+Esc is used on a NetWare server to switch between console screens, but on SLES 11 it moves 
between open windows. To provide the expected behavior for the virtualized NetWare server, you 
must disable the shortcut for SLES 11. 


1 


On the host server as the root user, click Computer > Control Center. 


2 Click Personal > Keyboard Shortcuts. 


3 Under the Window Management category, click Move between windows immediately, then press the 


Backspace key to disable the shortcut. 


4 Click Close. 
5 Close the Control Center. 
6 Continue with Downloading the NetWare ISO File. 


2.3.2 Downloading the NetWare ISO File 


You install NetWare from the DVD . iso file copied to the server’s hard drive. 


1 
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On the host server, click Computer > Firefox and access the NetWare 6.5 SP8 e Media Kit on the 
Novell Download Web site (http://download.novell.com/Download?buildid=dpIR3H1ymhk~). 


On the evaluation page, click Proceed to Download. 

Log in using your Novell Account information. 

Click the Download button for the NW65SP8_ OVL_DVD. iso file. 

Select Save File and click OK. 

In the Save in Folder drop-down list, select Desktop, then click Save. 

The file is saved to the desktop. 

After the file downloads, verify its integrity. 
7a Click Computer > More Applications > System > GNOME Terminal. 
7b At the command prompt, enter cd Desktop. 


The terminal opens in the root user’s home directory (/root). The desktop is contained in a 
subfolder of /root named Desktop. 


7c Check the MD5 checksum value of the downloaded image file by entering: 
md5sum NW65SP8 OVL_DVD.iso 
7d Compare the displayed value against the value listed on the evaluation download page. 


If the values don’t match, you must download the file again until you get a matching 
checksum. 


7e Close the terminal by entering exit. 
7f You can also close the browser and the download dialog box. 


Continue with Creating a Virtual Machine and Installing NetWare. 


2.3.3 Creating a Virtual Machine and Installing NetWare 


1 
2 


On the desktop, click Computer > YaST. 


Select Virtualization > Virtual Machine Manager. 
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Notice that one virtual machine, Domain-0 (the OES 11 SP2 virtual machine host server) is 


already running. 


3 Use the information in the following table to create a second virtual machine and start the 


NetWare installation. 


Page Name 


Virtual Machine Manager 


Action 


1. 


In the list of virtual machines, right-click the localhost 
entry. 


. Select New. 


The Create a Virtual Machine Wizard launches. 





Create a Virtual Machine 


. Click Forward. 





Install an Operating System? 


Type of Operating System 


Summary 


. Click Forward. 


. Click the expand icon next to NetWare, then select Novell 


Open Enterprise Server 2 (NetWare). 


. Click Forward. 
. Click Name of Virtual Machine. 





Name of Virtual Machine 


. Inthe Name field, type LAB_NW_VM. 


It is easier to know which VM you are managing if it 
reflects the name of the server it contains. 


. Click Apply. 





Summary 


. Click Hardware. 





Hardware 


. If your server has more than 1 GB memory installed, 


increase the initial memory allocated to the VM by 
clicking the arrows. 


For example, if your server has 2 GB memory installed, 
you can easily increase the initial memory amount to 
1024 MB. 


. Click Apply. 





Summary 


. Click Disks. 
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Page Name Action 


Disks Initially, a 10 GB file is specified for the partitions/volumes 
on the virtual server. By default, this is a sparse file, meaning 
that although 10 GB is allocated, the size of the file on the 
disk will only be as large as the actual data it contains. Sparse 
files conserve disk space, but they have a negative impact on 
performance. 


The NetWare install allocates 500 MB for a DOS partition and 
8 GB for the SYS: volume. The default disk size of 10 GB 
leaves about 1.5 GB for other partitions, which isn’t very 
much, although it is sufficient for the exercises in this guide. 


However, you allocated 25 GB for the /vm mount point on 
the server, so let’s allocate all of that to this virtual machine. 
1. With the default Hard Disk selected, click Edit. 
2. Modify the path in the Server field to be 
file: /vm/LAB NW_VM/disko 


This creates the virtual machine files on the Ext2 /vm 
partition you created during the installation. 


3. In the Size field, replace 10.0 with 23.3 (the actual 
available disk space on the Ext2 partition). 


4. Deselect Create Sparse Image File. 


This dedicates all of the available physical disk space on 
the Ext2 partition to the VM file and improves 
performance of the Virtual NetWare server. 


5. Click OK. 
6. Click CD-ROM. 


7. Click Browse, then navigate to and select the 
NW65SP8_OVL_DVD. iso file you downloaded to the 
desktop. 


8. Click Open. 
9. Click OK. 
10. Click Apply. 





Summary 1. Click OK. 


The virtual machine is created and the NetWare 
installation starts. 


This can take a few minutes or longer, depending on 
processor speed, memory, etc. Most of the time is 
required to prepare the relatively large VM file. 
However, after the file is prepared, the VM will run 
much more efficiently than if it were using a sparse file. 


4 After the NetWare installation starts, use the following table to navigate the pages listed in the 
left column: 
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IMPORTANT: Some of the instructions that follow assume you have a mouse attached to the 
server. If not, as you install, use the Tab key to select the options indicated, then press Enter to 
continue. 





Page Name Action 
NetWare Installation 1. Click inside the installation window to set the mouse 
pointer. 


2. Use the arrow keys to select a language, then press 
Enter. 


3. Modify the Regional Settings if desired, then select 
Continue and press Enter. 


4. Press F10 twice to accept the license agreements. 


5. Press the Down-arrow key to select Continue, then 
press Enter. 


6. Press Enter to 
+ Create an 8 GB SYS: volume. 
+ Begin copying files for the installation. 


As the files copy, notice the Run, Pause, and 
Shutdown options above the window displaying the 
installation. After the server is installed, they are 
activated, and you can then use them to manage the 
state of the virtual machine. 





Choose a Pattern 1. Click Next. 


Components 1. Select 


+ Apache 2 Web Server and Tomcat 4 Servlet 
Container 


¢ Tomcat 5 Servlet Container 
+ Novell iManager 2.7.2 
2. Click Next. 





Novell iManager 2.7.2 1. Click Yes to install the plug-ins. 





Summary 1. Click Copy Files. 





Server Properties 1. Type LAB_NWw for the server name. 
2. Click Next. 





Protocols 1. Click IP. 
The installation process accesses the server. 


2. Click the first IP Address field, then type the IP 
address of the server. For example, 192.168.1.130. 


3. Type the subnet mask for the address. For example, 
255.255.255.0. 


4. Type the router (gateway) address for the subnet. 
For example, 192.168.1.1. 


5. Click Advanced. 
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Page Name 
Advanced 


Action 


. Click the SLP tab. 
. Inthe DA Server 1 field, type the IP address of the 


SLP Directory Agent (DA), which is the first OES 11 
SP2 server you installed in the getting-started lab. 
For example, 192.168.1.100. 


. Inthe SLP Scope List field, type Directory. 
. Click OK. 





Protocols 


Domain Name Service 


. Click Next. 
. Type the DNS hostname associated with the IP 


address you just entered. 


In contrast to OES servers, this can be different than 
the name used in eDirectory. Of course, you can 
choose to use the DNS name for NetWare servers in 
eDirectory in your production network. In this 
guide, however, the eDirectory server name is 
assumed to be LAB_NW. 


2. Type the domain name. 


ies) 


A 


. Type at least one DNS name server IP address. For 


example, 192.168.1.50. 


. Click Next 





Time Zone 


. Click the correct time zone for your area. 
. Click Advanced. 





Time Synchronization 


. Leave the protocol set to Timesync. 
. Click Use Configured Sources. 
. Inthe Time Source 1 field, type the IP address of the 


same reliable time source you specified for the OES 
11 SP2 getting-started lab server (not the VM host 
server). 


. Select NTP. 
. Click OK. 
. Click Next. 





eDirectory Installation 


. Click Next. 





eDirectory Information 


. Click the Tree icon. 

. Browse to and select EXAMPLE_TREE. 

. Click OK. 

. Click the browse icon to the right of the Context for 


Server Object field. 


. Browse to and select SERVERS (in COMPANY > 


LAB). 


. Click OK. 
. Click Next. 
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Page Name 
eDirectory Login 


Action 


1. Click the browse icon to the right of the Name field. 
2. Browse to and select admin (in COMPANY). 

3. Click OK. 

4. Type the Admin user’s password. 

5. Click OK. 





NDS/eDirectory Patch 
Detection 


The warning doesn’t apply because you are installing into 
an eDirectory 8.8 tree. 


1. Click OK. 


The system checks time synchronization, extends the 
eDirectory schema, and installs an eDirectory replica 
on the virtualized NetWare server. 





eDirectory Summary 


1. Click Next. 





Licenses 


In this page you install the license included with NetWare 
6.5 SP8. The software license doesn’t expire, but your 
evaluation period expires 90 days after you install the 
server. At that point you should either uninstall NetWare 
or purchase the OES 11 SP2 product. For more 
information, see “NetWare 6.5 SP8 Includes MLA License 
Files” in the NW 6.5 SP8: Licensing Services Administration 
Guide. 


1. Click the Browse icon to the right of the License 
Location field. 


2. In the Select a License dialog box, click the expansion 
dots to the left of NW65OS and then the dot to the 
left of LICENSE. 


. Click the NLF file that appears in the right frame. 
. Click OK. 
. Click Next. 
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MLA License Certificate 
Context 


1. Change the NDS Context for the license file to 
O=COMPANY. This makes this license available to any 
additional NetWare 6.5 servers you might choose to 
install in a different context in the tree, including any 
physical NetWare servers you install. 


2. Click Next. 





NetIQ Modular 
Authentication Service 


1. Click Next. 


It takes a few minutes for the installation to 
configure your OES services. If you want to learn 
more about various OES services (most of which we 
have not installed), you can read the information 
pages as the configuration process runs. 


You can install more services later if you want to 
experiment further. 





Reset Your Server Now? 


1. Click Yes. 
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5 Close the Virtual Machine Manager windows by clicking the X on the upper right corner, or by 
right-clicking the title bar and selecting Close. The NetWare server continues to run. 


For Xen best practices and other management tips, see “Administration and Best Practices (http:/ 
/www.suse.com/documentation/sles11/book_xen/data/part_2_book_book_xen.html)” in the 
Virtualization with Xen Guide (http://www.suse.com/documentation/sles11/book_xen/?page=/ 
documentation/sles11/book_xen/data/book_xen.html) guide. 


6 Continue with Chapter 3, “eDirectory, Users and Groups, and Identity Services,” on page 43. 
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eDirectory, Users and Groups, and 
Identity Services 


NetIQ eDirectory is the central, key component of Novell Open Enterprise Server (OES). It provides 
the following: 
¢ Centralized identity management 
¢ The underlying infrastructure for managing your network servers and the services they provide 
¢ Secure access to network services both within the firewall and from the Web 
At this point you have created a new eDirectory tree named EXAMPLE_TREE that you are using to 


learn about OES. As you work with the tree and the objects it contains, you will begin to better 
understand the role eDirectory plays. 


This section discusses the following: 


+ Section 3.1, “Using the eDirectory Information in This Guide,” on page 43 

¢ Section 3.2, “An Introduction to eDirectory Planning,” on page 44 

+ Section 3.3, “Updating the iManager Plug-in Modules,” on page 47 

+ Section 3.4, “Creating a Context for Your Users and Groups,” on page 48 

è Section 3.5, “Assigning a Password Policy to Your Users,” on page 49 

+ Section 3.6, “Creating NCP and NSS Volumes for Home Directories,” on page 49 
¢ Section 3.7, “Creating Users,” on page 53 

+ Section 3.8, “A Note about Identity Manager 4.0.2 Bundle Edition,” on page 56 


Using the eDirectory Information in This Guide 


Before you install OES in a production environment, it is critical that you and your organization take 
time to plan and design your tree. 
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However, the instructions in this guide require no planning on your part. In fact, most of the 
eDirectory objects needed for the exercises in this guide were created in Chapter 1, “Installing the 
OES 11 SP2 Server in Your Getting-Started Lab,” on page 9. 


The information that follows introduces eDirectory. 


If you are already familiar with eDirectory and want to skip the planning introduction, we 
recommend that you do the following: 


1. View the eDirectory tree structure used in this guide (Figure 3-1 on page 45). 
2. Skip to Section 3.3, “Updating the iManager Plug-in Modules,” on page 47. 


3.2 An Introduction to eDirectory Planning 


If you want an efficient and intuitive eDirectory design, you and your organization need to base it on 
two things: 
¢ The layout of your network 


¢ The structure of your organization 


You and your team should carefully think through the issues and design considerations discussed in 
“Designing Your NetIQ eDirectory Network” in the NetIQ eDirectory 8.8 SP8 Administration Guide. 

+ Section 3.2.1, “Your Getting-started Lab’s eDirectory Tree,” on page 44 

+ Section 3.2.2, “Your Current Getting-started Lab Tree,” on page 45 

¢ Section 3.2.3, “Expanding Your Getting-started Lab Tree,” on page 46 


3.2.1 Your Getting-started Lab’s eDirectory Tree 
Figure 3-1 illustrates an eDirectory tree like the one you will use in the getting-started lab exercises 
found in this guide. It also illustrates and explains the basic elements you should consider when 


designing an eDirectory tree. 


NOTE: The IS Organizational Unit object is included for explanatory purposes and is not created in 
this guide. 
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Figure 3-1 Your Getting-started Lab’s eDirectory Tree 
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Reference Explanation 
Letter 
Q The Tree object is the top container object in the tree. It usually contains an Organization 


object (specified in the install by using o=company) that represents your company or 
organization. 


O The Organization object is normally the first (and often the only) container object under the 
Tree object. It is typically named after your organization. 


Small organizations keep object management simple by having all other objects, such as 
users, printers, and servers, directly under the Organization object. 


Organizations that are large enough to have departments or other organizational units 
usually decide to have their tree structure reflect their organizational structure. 


As shown in this getting-started lab example, these organizations create Organizational Unit 
objects (specified during the install by using ou=name) that reflect their departments, 
divisions, geographical locations, etc., as is logical for their organization. 


Sometimes large organizations create multiple Organization objects below the Tree object to 
represent separate business units or subsidiaries. 











O Every tree requires an Admin User object. You will log in as Admin to create or import other 
User objects and to create the rest of your tree structure. 

© This example shows two Organizational Unit objects at the department level (LAB and IS). 

E] This example also illustrates how Organizational Unit objects can be nested to provide a 


complex hierarchy if it is necessary to manage the organization. 


3.2.2 Your Current Getting-started Lab Tree 


The eDirectory tree you have created by installing OES 11 SP2 in your getting-started lab is 
illustrated by the darker objects in Figure 3-2. The objects that are dimmed are for explanatory 
purposes and do not exist in your current tree. When you finish with this guide, the upper level 
organization of your tree will look more like Figure 3-1, except that the IS Organizational Unit shown 
in that illustration will not be created. 
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Figure 3-2 Your Current Getting-started Lab Tree 
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Reference Explanation 
Letter 
Q The OES installation process requires that you specify names for the following objects: 


+ A1: A Tree object 


+ A2: An Organization object 





One of the first objects you specify during an initial installation is the Admin user. 





The OES installation process can also create Organizational Unit (OU) objects to define a 
context for the OES 11 SP2 Server object. 





All other OU objects that you have planned for your tree must be created after the 
installation finishes. For example, you will create the PRINTERS and USERS OU objects 
later in this guide. 





The exception to D is that subsequent installations can create additional contexts to contain 
other OES servers that you install into the tree. For example, you could create a SERVERS 
OU under the IS OU as illustrated. 


© 0| 8/90 


3.2.3 Expanding Your Getting-started Lab Tree 


The instructions in this guide cover only the installation of an OES 11 SP2 and a virtualized NetWare 
6.5 SP8 server in the tree. 


If you were to decide to install additional servers in the tree, the processes you would follow could 
involve some additional planning tasks, as illustrated in Figure 3-3. 
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Figure 3-3 An Expanded Tree 
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Reference Explanation 
Letter 
Q During subsequent installations into the same tree, you can create new Organizational Unit 
objects to provide a context for other OES 11 SP2 servers being installed. 
O If you want to specify other Admin users in the OES 11 SP2 installation parameters, you can 


do this during the installation. Note, however, that such an Admin would probably not be 
granted rights to the entire tree, only to the objects under the IS OU. Admin objects like this 
are often referred to as sub-container admins. 


3.3 Updating the iManager Plug-in Modules 


1 At your Windows workstation, log in to iManager on the OES 11 SP2 getting-started lab server, 
using the eDirectory Admin user account and password. For more information, see the steps in 
Section 1.9, “Accessing iManager,” on page 21. 


If you receive a Tomcat error, see Section A.2, “iManager Tomcat Error,” on page 118. 


am 
2 Click the Configure icon S| 
3 In the Configure pane, click Plug-in Installation > Available Novell Plug-in Modules. 


A list shows the plug-ins on novell.com that have been updated or created since OES 11 SP2 was 
initially released. 
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4 Click the check box in the header row. 
All of the available plug-in modules are selected. 
5 Click Install. 
6 Agree to the license agreement and click OK. 
7 When the plug-in installation process concludes, click Close. 


You can safely ignore plug-in installation errors in connection with the exercises in this guide. If 
you have concerns about the errors for production servers, contact Novell support or visit the 
Novell Support Web page (http://support.novell.com). 


8 Do not close iManager. Continue with the next section, Creating a Context for Your Users and 
Groups. 


3.4 Creating a Context for Your Users and Groups 


All OES services require that you create User objects to represent the users on your system. The Linux 
User Management component for OES servers requires that you also create a Group object that you 
can assign the users to. 


If you reviewed Section 3.2, “An Introduction to eDirectory Planning,” on page 44, you might have 
noticed an Organizational Unit object named USERS in Figure 3-2 and Figure 3-3. It is helpful to have 
at least one Organization Unit object to contain user-related objects, such as User objects and Group 
objects. 


To create an Organizational Unit container object named USERS in the LAB Organizational Unit 
object: 


1 IniManager, click the View Objects icon S 
In the left pane, click the Browse tab. 


Click the down-arrow £ next to the COMPANY Organization object a. 
Click LAB, then select Create Object from the drop-down list. 

From the Available Object Classes list, select Organizational Unit, then click OK. 
In the Organizational Unit name field, type USERS. 

Click OK > OK. 


Do not close iManager. Continue with the next section, Assigning a Password Policy to Your 
Users. 
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3.5 


3.6 


Assigning a Password Policy to Your Users 


In “Configuring eDirectory and OES Services” on page 17 you created a common proxy user, and a 
universal password policy named Common Proxy Policy. 


In order for the users you create to use some of the OES services you have installed, such as Novell 
CIFS, you must associate the Common Proxy Policy with those users. The simplest method for doing 
this is to associate the policy with the USERS container created in Section 3.4, “Creating a Context for 
Your Users and Groups,” on page 48. 





NOTE: The Common Proxy Policy is associated with the server’s parent container (SERVERS) by 
default. If your users were in the same container as the server or in a subcontainer of it, then the 
following steps would not be needed. However, the USERS container is a sibling to the SERVERS 
container in the tree created in this guide. 





In iManager, click the Roles and Tasks icon g. 
Click Passwords > Password Policies. 

Click the Common Proxy Policy link. 

Click the Policy Assignment tab. 


Click the Browse icon ® next to the Assign To field. 


O ao Aà OO N PF 


In the Contents pane, browse to the LAB Organizational Unit and click the down-arrow £ next 
to it. 


Select the USERS Organizational Unit object, then click OK. 
8 Click Apply > OK. 


9 Do not close iManager. Continue with the next section, Creating NCP and NSS Volumes for 
Home Directories. 


N 


Creating NCP and NSS Volumes for Home Directories 


For the exercises in the guide, you need home directories for the users you create. 
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When you create NCP and NSS volumes before creating users, you can then create home directories 
at the same time as you create the user objects. For that reason, it makes sense to set up the volumes 
prior to user object creation. 

¢ Section 3.6.1, “Home Directories on OES,” on page 50 

¢ Section 3.6.2, “Home Directories on NetWare 6.5,” on page 51 


+ Section 3.6.3, “Summary of Getting-started Lab Home Directories and Purposes,” on page 52 


3.6.1 Home Directories on OES 


On OES, home and other data directories can reside in three possible volume types, each of which is 
presented in this guide. The volume types are: 


¢ Linux POSIX volumes: Your OES 11 SP2 getting-started lab server already contains a / (root) 
partition with an empty /home directory (the default location for home directories on Linux 
servers). 


+ NCP volumes that point to Linux POSIX volumes: Your OES 11 SP2 server has NCP Server 
installed so you can create NCP volumes that point to the Linux POSIX file systems. 


+ Novell Storage Services (NSS) volumes: Your OES 11 SP2 server has unformatted disk space 
available for NSS volumes. (NSS is the native file system on NetWare.) 


There are important differences between the home directories in each of these locations and in the 
configuration steps required to create them and set the needed file/directory trustee assignments, etc. 
+ “The Linux POSIX /home Directory” on page 50 
+ “Creating an NCP Volume on the OES 11 SP2 Server” on page 50 
¢ “Creating an NSS Pool and Volume on the OES 11 SP2 Server” on page 51 


The Linux POSIX /home Directory 


For the exercises in this guide, you create POSIX home directories for two users. This lets you explore 
the differences between directories created through POSIX and directories created through NCP. 
Both directory types exist on the same physical disk space and are displayed as POSIX home 
directories, but only the NCP directories appear in NCP interfaces. 


Creating an NCP Volume on the OES 11 SP2 Server 


OES lets you create NCP volumes that point to directories on the Linux POSIX partitions of your 
server. For the exercises in this guide, you create an NCP volume that points to the /home directory 
on your server. NCP volumes support the Novell File and Directory Trustee Rights model when files 
are accessed through an NCP client. 


NCP volumes on Linux POSIX file systems differ from NSS volumes; NCP volumes do not support 
NSS file attributes, such as Delete Inhibit. For more information, see “Directory and File Attributes” 
in the OES 11 SP2: NCP Server for Linux Administration Guide. 

1 Log into your server as root and click Computer > Gnome Terminal. 


2 Create an NCP volume in NCPCON that points to the /home directory by entering the following 
commands: 


ncpcon create volume home_ncp /home 


3 Type exit and press Enter to close the terminal window. 
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3.6.2 


Creating an NSS Pool and Volume on the OES 11 SP2 Server 


OES supports NSS volumes. NSS is a fast-mounting, journaled file system for OES and NetWare. It is 
the only file system in the industry that is integrated with identity management. NSS volumes 
support the Novell File and Directory Trustee Rights model and also NSS file attributes. For more 
information, see “The Traditional Novell Access Control Model” in the OES 11 SP2: Planning and 
Implementation Guide. 


NSS volumes can span partitions and even hard disks. For a graphical overview of NSS volumes, see 
Section A.1, “NSS Partitions, Pools, and Volumes,” on page 115. 


1 
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On your getting-started lab workstation in iManager, click the Roles and Tasks icon g 
Click Storage > Pools. 


Click the Browse icon Ñ| next to the Server field, 


Browse to and select your OES 11 SP2 getting-started lab server object (in COMPANY > LAB > 
SERVERS). 


Click New. 
Name the pool pool_1x and click Next. 
Click the box next to the system disk in your server (sda, hda, etc.). 


By default, all of the free space on the disk should be automatically entered in the Used Size field, 
and the amount should match the Free Size (MB) displayed to the right of the system disk. If the 
Used Size field is blank, type the free space amount. 


Click Finish. 


POOL_LX is listed as an available pool. Notice that the NSS pool name is uppercase, even 
though you typed lowercase. All NCP and NSS volumes, are created and displayed in uppercase 
to give a visual distinction from the Linux POSIX lowercase norm, to prevent visual confusion of 
letters and numbers (voll vs. VOL1), and because names are case insensitive on NSS. 


After the pool appears in the list, continue in the Storage task by clicking Volumes in the left 
frame. 


Click New. 

In the Name field, type home_nss, then click Next. 

Click the box next to POOL_LX, then click Next. 

Scroll down to File Information > Lookup Namespace 

Long should be selected by default. 

This setting avoids having the NCP server spend cycles doing Long namespace lookups. 
Click Finish. 

HOME_NSS is listed as an available volume. 


Continue with the next section, Home Directories on NetWare 6.5. 


Home Directories on NetWare 6.5 


The default file system for NetWare 6.5 is NSS, which is an NCP volume by definition. 


NetWare servers don’t contain a HOME volume (partition) by default, but it is standard practice 
among NetWare administrators to create a HOME volume for their network users’ private 
directories. 
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Creating a HOME_NW Volume on the NetWare 6.5 SP8 Server 


Your NetWare virtual machine has disk space still available for another NSS pool and volume on disk 
0, which is the 25 GB file you created for the VM in Section 2.3.3, “Creating a Virtual Machine and 
Installing NetWare,” on page 35. 


In iManager, click the Roles and Tasks icon g 


You can manage storage on the NetWare LAB_NW_VM server even though you are running 
iManager on your OES 11 SP2 getting-started lab server. This demonstrates one advantage of the 
tight integration of OES services with eDirectory. 


Click Storage > Pools. 


3 Click the Browse icon |Ñ next to the Server field, 
4 Browse to and select the LAB_NW server object (in COMPANY > LAB > SERVERS). 


Notice that a pool named SYS already exists. This pool contains the default volumes and files 
created with the NetWare server, including a volume that is also named SYS. 


5 Click New. 
6 Name the pool pool_nw and click Next. 


Click the box next to the XenHD device in your virtual machine. 


This “device” is the 25 GB file that you created for the virtual machine. The file currently 
contains all the virtualized NetWare server’s partitions and files. 


By default, all of the free space on the disk should be automatically entered in the Used Size field, 
and the amount should match the Free Size (MB) displayed to the right of the system disk. If the 
Used Size field is blank, type in the free space amount. 


Click Finish. 

POOL_NW is listed as an available pool. 

In the left frame, click Volumes. 

Click New. 

In the Name field, type home_nw, then click Next. 
Click the box next to POOL_NW, then click Next. 
Click Finish. 
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Your getting-started lab servers now have four home directory access points in three physical 


locations (the first two share the same physical partition): 


+ 


/home: This is the default home directory on SLES 11 servers. The underlying file system is Ext3. 
On SLES 11 servers, home directories are normally created on /home by users logging in to the 
server for the first time. 


Home directories on OFS servers are normally created on NCP or NSS volumes. However, they 
can be created manually on /home. User and Group ownership must be manually adjusted 
because the directories belong initially to the root user that creates them. 


HOME_NCP: This is an NCP volume mount point that points to and shares disk space with the 
/home directory mentioned above. In this guide, it illustrates the functionality of the NCP server, 
the Novell File and Directory Trustee Model, and Novell Client access to a Linux POSIX volume. 
(The underlying file system is Ext3.) Home directories on NCP volumes are easily created when 
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users are created in iManager. POSIX permissions to home directories created in iManager must 
be adjusted before users can access the directories through non-NCP applications. This is 
because when the directories are created, the directory owner in POSIX is initially the eDirectory 
Admin User who created the users in eDirectory and their home directories on the Linux file 
system (NCP volume). 


+ HOME_NSS: This is an NSS volume on the OES server. It illustrates the functionality of the 
NCP server, the Novell File and Directory Trustee Model, and NSS file attributes. Because NSS 
volumes are also NCP volumes by default, home directories are easily created at user-creation 
time in iManager. POSIX permissions do not apply to NSS volumes. However, NSS can interface 
with POSIX permissions for applications and access methods that require them. Trustee 
assignments (ownership) are automatically assigned to the eDirectory username or user when 
the home directory is created. 


+ HOME_NW: This is an NSS volume on your virtualized NetWare server. It illustrates the 
functionality of the NCP server, the Novell File and Directory Trustee Model, and NSS file 
attributes on a NetWare server. Trustee assignments (ownership) are automatically assigned to 
the eDirectory user when the home directory is created. 


Creating Users 


For the getting-started lab exercises, you need to create the users shown in Table 3-1. 





IMPORTANT: There are seven users, each representing a different user type you might need on your 
network. 


The unusual user names are designed to communicate the volume type where their home directory is 
located (linux/POSIX, NCP, or NSS [including NetWare]) and whether they are enabled for Linux 
user management (LUM) explained in eDirectory Linux Access (LUM). The exercises that follow in 
this guide explore the implications of these on file and service access. 


Each name includes “edir” to indicate that eDirectory users have access to the traditional Novell file 
services highlighted in this guide: 

+ Novell AFP (Macintosh networking) 

+ Novell CIFS (Windows networking) 

+ Novell iFolder 3.9 

+ NetStorage 





The steps for creating users begin after Table 3-1. 


eDirectory, Users and Groups, and Identity Services 53 


54 


Table 3-1 Users to Create 


Username 


linux1_lum- 
edir 


First 
Name 


Linux1 


Last Home Directory Volume 
Name 


Lum-edir /home 


What This User Demonstrates 


You manually create this user’s 
home directory in the server’s / 
home directory. 


If LUM is configured to allow login 
or sshd access, this user can 
access the OES 11 SP2 server as 
though it is a local user. 





linux2_lum- 
edir 


Linux2 


Lum-edir /home 


You manually create this user’s 
home directory in the server’s / 
home directory. 


If LUM is configured to allow login 
or sshd access, this user can 
access the OES 11 SP2 server as 
though it is a local user. 


The difference between this user 
and the linux1 user is that its home 
directory is not adjusted for 
privacy but has the default POSIX 
permissions. 





ncp_edir 


Ncp 


Edir DNSname_HOME_NCP 


This user’s home directory is 
created by specifying the 
HOME_NCP volume at user- 
creation time in iManager. 


When the instructions in this 
section are complete, the user has 
access to only the traditional 
Novell services: AFP, CIFS, 
iFolder, and NetStorage. 





ncp_lum-edir 


Ncp 


Lum-edir DNSname_HOME_NCP 


This user’s home directory is 
created by specifying the 
HOME_NCP volume at user- 
creation time in iManager. 


When the instructions in this 
section are complete, the user has 
potential access to the server asa 
local user, in addition to traditional 
Novell service access. 





nss_edir 
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Edir DNSname_HOME_NSS 


This user’s home directory is 
created by specifying the 
HOME_NSS volume at user- 
creation time in iManager. 


The user has access to only the 
traditional Novell services: AFP, 
CIFS, iFolder, and NetStorage. 


Username First Last Home Directory Volume What This User Demonstrates 
Name Name 


nss_lum-edir Nss Lum-edir DNSname_HOME_NSS This user’s home directory is 
created by specifying the 
HOME_NSS volume at user- 
creation time in iManager. 


In additional to traditional Novell 
services access, the user has 
access to the server as a local 
user. 





nw_edir Nw Edir LAB_NW_HOME_NW This user represents the traditional 
NetWare user in eDirectory. 


This user’s home directory is 
created by specifying the 
HOME_NW (NSS) volume at user- 
creation time in iManager. 


The user has access to only the 
traditional Novell services: AFP, 
CIFS, iFolder, and NetStorage. 
However, you could also LUM- 
enable the user (and the other 
non-LUM users as well) to verify 
that full OES services are 
potentially available to all 
eDirectory users. 


1 IniManager, in the left pane, click Users > Create User. 
2 Inthe Username field, type a username from Table 3-1. 
For the first user, this is linux1_lum-edir. 


3 Type the first name and last name for the user as shown in Table 3-1. 


4 Click the Browse icon |Ñ next to the Context field. 


5 For the first user, browse to the USERS object (COMPANY > LAB > USERS), then click the object. 


For subsequent users, click the Object History icon “Al and select the USERS object's fully 
distinguished name (FDN). 


6 Type the same password in both the Password and Retype Password fields. 


None of the exercises require unique passwords, so for simplicity, we recommend that you use 
the same password for each user. 


7 Do not select Set Simple Password. 
This is not required for OES because Universal Password is used. 


8 Ifthe Home Directory Volume cell in the table shows /home, skip to Step 9. 


For the other users, select the Create Home Directory option and browse |Ñ] to the NCP or NSS 
volume indicated. (Volumes are in the SERVERS OU.) 


The home directories for the linux* users are created later. 
9 Click OK. 
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10 Click Repeat Task to repeat the process until the other users listed in Table 3-1 on page 54 are 
created. 


11 Do not close iManager. Continue with the next section, A Note about Identity Manager 4.0.2 
Bundle Edition. 


A Note about Identity Manager 4.0.2 Bundle Edition 


If your organization has more than one directory service that stores user information, you should 
consider implementing the Novell Identity Manager 4.0.2 Bundle Edition included with Novell Open 
Enterprise Server. 


The Identity Manager 4.0.2 Bundle Edition provides licensed synchronization of information 
(including passwords) held in NT Domains, Active Directory Domains, and eDirectory trees. 


Not only can you import User objects into eDirectory rather than creating them as you have in this 
section, but you can use Identity Manager to keep all the user data (including passwords that are 
stored in your different databases) synchronized. 


When data from one system changes, Identity Manager detects and propagates these changes to 
other connected systems based on the business policies you define. 


For more information, see “Using the Identity Manager 4.0.2 Bundle Edition” in the OES 11 SP2: 
Planning and Implementation Guide. 


Continue with Chapter 4, “eDirectory Linux Access (LUM),” on page 57. 
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eDirectory Linux Access (LUM) 


Novell Linux User Management (LUM) is a key component of Novell Open Enterprise Server (OES) 
and lets you require users who are accessing PAM-enabled services, such as FTP or SSH, on the OES 
11 SP2 server to authenticate through eDirectory. 


This section discusses the following: 
+ Section 4.1, “Overview of Linux User Management,” on page 57 
¢ Section 4.2, “Creating Group Objects,” on page 58 
¢ Section 4.3, “Enabling the LUMUsers Group for Linux User Management (LUM),” on page 59 
è Section 4.4, “Allowing SSH Access,” on page 60 


+ Section 4.5, “Creating a Home Directory for the linux* Users,” on page 62 


Overview of Linux User Management 


Figure 4-1 illustrates how LUM works with PAM-enabled services. For more detailed information, 
see “Linux User Management: Access to Linux for eDirectory Users” in the OES 11 SP2: Planning and 
Implementation Guide. As illustrated, SFCB is the only PAM-enabled service that is active by default. 
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Figure 4-1 Linux User Management on OES 
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The user-creation steps you completed earlier in this guide (Section 3.7, “Creating Users,” on 
page 53) created three LUM users with limited rights as local users on the OES 11 SP2 server. 


Creating Group Objects 


To simplify user management, you should create one or more groups and associate users with those 
groups. Groups let you manage multiple users at the same time. 


Some actions can only be performed at the group level. For example, enabling users for LUM 
requires making them members of a group that is enabled for LUM. 


For the exercises in this guide, you will create two groups: 


+ LUMUsers: This group is used to LUM-enable some of the users you have created. Having the 
group lets us explore how LUM works and directly experience the SSH security precautions that 
are built into OES. 


+ AllUsers: This group is for all of the eDirectory user objects, including those that are LUM- 
enabled and those that have only traditional Novell services access. 





IMPORTANT: Creating a group named users seems logical to many eDirectory administrators. 


Unfortunately, all SLES 11 servers already have a system-created local group named users, and 
creating a duplicate group in eDirectory causes problems. 
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For more information, see “Avoiding POSIX and eDirectory Duplications” in the OES 11 SP2: 
Planning and Implementation Guide. 





To create the required group objects: 


1 IniManager > Roles and Tasks, click Groups > Create Group. 
2 Inthe Group Name field, type LUMUsers. 


The name contains uppercase and lowercase letters simply to illustrate that case is preserved in 
object names. Some administrators use mixed case to improve readability. 


Click the Browse (Ñ icon next to the Context field. 
Browse to the USERS container object. 

Click OK > Modify. 

Click the Members tab. 


oa fF Ww 


Click the Browse icon ‘& next to the Member field. 


oOo N 


Browse to the USERS container and click the down-arrow £ next to it 
9 Select the following User objects: 
+ linux1_lum-edir 
+ linux2_lum-edir 
+ ncp_lum-edir 
+ nss_lum-edir 
10 Click OK > Apply > OK. 
11 Click Create Group. 
12 Inthe Group Name field, type AllUsers. 


13 Click the Object History icon “fi and select the USERS object's fully distinguished name (FDN). 
14 Click OK > Modify. 
15 Click the Members tab. 
16 Click the Browse icon |Ñ next to the Members field. 
17 Shift-click linux1_lum-edir, drag the mouse down to select all the users, then click nw_edir. 
All of the users are added to the list. 
18 Click OK > Apply > OK. 


19 Do not close iManager. Continue with the next section, Enabling the LUMUsers Group for Linux 
User Management (LUM). 


4.3 Enabling the LUMUsers Group for Linux User Management 
(LUM) 
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IMPORTANT: LUM-enabling users is an important part of these getting-started lab exercises. 
However, in a production environment you should avoid LUM-enabling users until you fully 
understand the potential security issues. For more information, see “SSH Services on OES 11 SP2” in 
the OES 11 SP2: Planning and Implementation Guide. 





If you want eDirectory users to access PAM-enabled services such as login or sshd (SSH), on an OES 
server, you must LUM-enable the users. 


In the Roles and Tasks list, click Linux User Management > Enable Groups for Linux. 

Click the Browse icon ‘| next to the Group Name field. 

Click LUMUsers > OK. 

Make sure the Linux-Enable All Users in These Groups option is selected, then click Next twice. 
Click the Browse icon ®) next to the Unux Workstation Name field. 

Click the up-arrow +t. 

Click the down-arrow + next to SERVERS. 

Click the UNIX Workstation object for the OES 11 SP2 getting-started lab server, then click OK. 
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IMPORTANT: Make sure you select the UNIX Workstation object for the getting-started lab 
server in COMPANY > LAB > SERVERS and not the one for the VM host server that is in 
COMPANY. 





9 Click the Browse icon |À next to the Unix Config Object field. 
10 Click the up-arrow +t. twice 
11 Click the UNIX Config object. 
12 Click Next > Finish > OK. 


LUM-enabled access to OES servers is enabled on an individual server basis. If you install 
additional OES 11 SP2 servers that require LUM access, they must also be added to a LUM- 
enabled group. 


The LUMUsers group and its users are now recognized by the OES 11 SP2 server as local users. 


13 Do not close iManager. Continue with the next section, Allowing SSH Access. 


Allowing SSH Access 


To illustrate how LUM-enabled services work, we will briefly experiment with SSH access for 
eDirectory LUM-enabled users. In Section 10.2.4, “SSH and NetStorage Administration,” on page 92, 
you will see that SSH access is required for a key NetStorage administration feature. 


Complete the steps in the following sections: 


+ Section 4.4.1, “Allowing SSH Access Through the Firewall,” on page 61 
+ Section 4.4.2, “Adding SSH as an Allowed Service in LUM,” on page 61 
+ Section 4.4.3, “Verifying SSH Access,” on page 61 
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4.4.1 Allowing SSH Access Through the Firewall 


1 On the OES 11 SP2 getting-started lab server, click Computer > YaST, then click Security and Users 
> Firewall. 


2 Inthe left navigation frame, click Allowed Services. 
3 In the Services to Allow drop-down list, select Secure Shell Server. 
4 Click Add > Next > Finish. 
The firewall is now configured to allow SSH connections with the server. 
5 Continue with Adding SSH as an Allowed Service in LUM. 


4.4.2 Adding SSH as an Allowed Service in LUM 


1 In YaST in the Open Enterprise Server group, click OES Install and Configuration. 
2 Click Accept. 


3 When the Novell Open Enterprise Server Configuration page has loaded, click the Disabled link 
under Linux User Management. 


The option changes to Enabled and the configuration settings appear. 

Click Linux User Management. 

Type the eDirectory Admin password in the appropriate field, then click OK > Next. 
In the list of allowed services, click sshd. 

Click Next > Next > Finish, then close YaST. 

Continue with Verifying SSH Access. 
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4.4.3 Verifying SSH Access 


The LUMUsers group in eDirectory now has SSH as an allowed service. To verify this: 


1 On the getting-started lab workstation, in the iManager Roles and Tasks list, click Directory 
Administration > Modify Object. 


Click the Browse icon |® next to the Object Name field. 

Browse to and select the LUMUsers group object (in COMPANY > LAB > USERS), then click OK. 
Click the Linux Profile tab, click the General sub-tab, then select the UNIX Workstation object. 
Click the Linux Services sub-tab. 

Notice that sshd (the SSH daemon) is listed as a LUM-Enabled service, then click OK. 


(Optional) If you want to verify that SSH access works, install an SSH client on the workstation 
and attach to the getting-started lab server through one of the LUM-enabled users. Be aware, 
however, that this creates a POSIX home directory for the user in /home and might require 
adjustments to procedures in the next section, Creating a Home Directory for the linux” Users. 
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8 Continue with Creating a Home Directory for the linux* Users. 
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4.5 Creating a Home Directory for the linux* Users 


The NetStorage exercises in this guide involve users’ home directories and specific files they will 
copy to those directories. However, neither of the linux* users currently has a home directory. 


There are two standard ways to create home directories on Linux servers. The first way is for a user to 
log in to the server as a local user (or for OES, as a LUM-enabled user). For example, opening an SSH 
session creates a home directory. 


Because it is unlikely that you want your users to have direct physical access to a production server, 
we will use the second way, which is to create the directory manually, assign the user and group to 
the directory, and then modify access permissions. 


There are two methods you can use to do this. 


+ Section 4.5.1, “Using the File Browser,” on page 62 


+ Section 4.5.2, “Using Terminal Commands,” on page 63 


4.5.1 Using the File Browser 


To create home directories for your linux* users using the graphical interface, do the following: 
y 8 grap 8 


1 As the root user, open a terminal prompt and enter the following command: 
namconfig cache_refresh 


This refreshes the LUM cache and is required for Linux-enabled users and groups to display in 
the GUI unless a few hours have elapsed since you created them. The default cache refresh rate 
in OES 11 SP2 is 8 hours. 


2 As the root user on the server’s desktop, click Computer > Nautilus. 
3 Inthe left panel, double-click File System, then double-click the home folder. 


4 If you see home directories for only the ncp_* users that were created in iManager on the 
HOME_NCP volume, continue with Step 5. 


If you see a home directory for one of the linux” users, that means you used it to experiment with 
SSH access in Step 7 on page 61, thus creating a home directory for the user. In that case, adjust 
the steps that follow as required. 


Right-click the white space in the right panel and select Create Folder. 
Type linuxl_lum-edir as the folder name, then right-click the folder and select Properties. 
Click the Permissions tab. 
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Click the Owner drop-down list, then use the Up-arrow and Dowr-arrow keys to navigate to 
and select the linux1_lum-edir user. 


Notice that the users that you created who are not enabled for LUM are not listed. 
9 Click the Group drop-down list, navigate to and select LUMUsers, then press Enter. 


Neither this group nor the user you selected exist locally. However, because they are LUM- 
enabled, the server recognizes them as though they do. 
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The next three lines (Owner, Group, Others) indicate access permissions for the directory owner 


(linux1_lum-edir), the assigned group (LUMUsers), and everyone else (others). 


Notice that both Group and Others have permission to Read (open) the contents of the folder and 
Execute (browse its contents). This is not what NetWare administrators and users expect because 


home directories are private on NetWare servers. 


10 Make this directory private by setting the Folder Access permissions for Group and Others to None. 


For more information about directory privacy and aligning access on Linux servers to match 


what NetWare administrators are accustomed to, see “Aligning NCP and POSIX File Access 
Rights” in the OES 11 SP2: Planning and Implementation Guide. 


11 Click Close. 

12 Right-click the white space in the right panel and select Create Folder. 

13 Type linux2_lum-edir as the folder name, then right-click the folder and select Properties. 
14 Click the Permissions tab. 


15 Change the file owner to linux2_lum-edir and the file group to LUMUsers by using the drop- 


down lists. 


16 Adjust the permissions for this directory by selecting Change and Delete Files in the Group Folder 


Access drop-down list. This gives full rights to the user’s home directory for anyone in the 
LUMUsers group, which is obviously not something you would normally do. 


Later in the guide we will use this to contrast default POSIX file permissions with the Novell File 


and Directory Security Model. 
17 Inthe Others Folder Access drop-down list, select None. 
18 Click Close. 
19 Continue with Novell CIFS. 


Using Terminal Commands 


Creating home directories for the linux* users, assigning ownership of the directories, and granting 


access permissions involves three terminal commands: 


¢ mkdir: Use this command to make POSIX directories. 


+ chown: Use this command to change user, group, and other ownership of a directory. For more 


information, see “Managing Access Rights” in the OES 11 SP2: Planning and Implementation 
Guide. 


¢ chmod: Use this command to change access permissions. For more information, see “Managing 


Access Rights” in the OES 11 SP2: Planning and Implementation Guide 
Do the following: 


1 As the root user, open a terminal prompt by clicking Computer > Gnome Terminal. 
2 Create a home directory for the linux1_lum-edir user by entering the following command: 
mkdir /home/linuxl_lum-edir 


3 Assign the linux1_lum-edir user and the LUMUser group as the owners of the 1inux1_lum- 
edir directory. 


chown -R linux1_lum-edir:LUMUsers /home/linux1_lum-edir 


Neither this group nor the user you specified exist locally. However, because they are LUM- 
enabled, the server recognizes them as though they do. 
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By default, both the LUMUsers group and other users on the system have permission to Read 
(open) the contents of the folder and Execute (browse its contents). This is not what NetWare 
administrators and users expect because home directories are private on NetWare servers. 


4 Assign all access privileges to the user owner of the linux1_lum-edir directory, and no 
privileges to the group owner or to other users on the system. 


chmod 700 /home/linux1_lum-edir 
5 Now create a home directory for the linux2_lum-edir user. 
mkdir /home/linux2_lum-edir 


6 Assign the linux2_lum-edir user and the LUMUser group as the owners of the 1inux2_lum- 
edir directory. 


chown -R linux2_lum-edir:LUMUsers /home/linux2_lum-edir 


7 Adjust the permissions for this directory by enabling the Read, Write and Execute rights for the 
group. This gives full rights to the user’s home directory for anyone in the LUMUsers group, 
which is obviously not something that you would normally do. 


chmod 775 /home/linux2_lum-edir 


By default, the permissions are set to 755. This command adds the Write right for the group. For 
more information, see “Aligning NCP and POSIX File Access Rights” in the OES 11 SP2: 
Planning and Implementation Guide. 


Later in the guide we will use this to contrast default POSIX file permissions with the Novell File 
and Directory Security Model. 
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Novell CIFS 





Novell CIFS lets Windows users access NSS volumes on Novell Open Enterprise Server 11 SP2 
servers exactly as they would access a Windows file server. For a comparison to Novell Samba, see 
“Comparing Your CIFS File Service Options” in the OES 11 SP2: Planning and Implementation Guide. 


This section discusses the following: 


è Section 5.1, “Overview of Novell CIFS,” on page 65 

¢ Section 5.2, “Setting the Search Context,” on page 66 

+ Section 5.3, “Making Novell CIFS Shares Available to CIFS Users,” on page 67 
+ Section 5.4, “Novell CIFS Users’ Access Rights,” on page 67 


Overview of Novell CIFS 





Figure 5-1 illustrates the file services available through Novell CIFS in OES. 


More Information on Novell CIFS file services in OES 11 SP2 is found in “Novell CIFS 
Implementation and Maintenance” in the OES 11 SP2: Planning and Implementation Guide. 
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Figure 5-1 Novell CIFS 
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IMPORTANT: If you plan to use Novell CIFS in conjunction with Novell AFP and/or NCP file 
services, be sure to read “Cross-Protocol File Locking Might Need To Be Reconfigured if AFP or CIFS 
Is Functioning on an NCP Server” in the OES 11 SP2: Planning and Implementation Guide. 





5.2 Setting the Search Context 


By default, the search context for CIFS users is set to the container where the OES 11 SP2 server is 
installed. The assigned proxy user searches in this context for users seeking access to the CIFS file 
service. You must set a context that points to the USERS container where your User objects are 
located. 

1 IniManager > Roles and Tasks, click File Protocols > CIFS. 


2 Click the Browse icon next to the Server field, then browse to and select the OES 11 SP2 getting- 
started lab server. 


3 Click the Context tab. 

4 Select the entry that points to the SERVERS container, then click Remove. 
In the tree you created, there are no users in the SERVERS container. 

5 Click Add. 

6 Browse to and select the USERS container, then click OK. 

7 Continue with Making Novell CIFS Shares Available to CIFS Users. 
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Making Novell CIFS Shares Available to CIFS Users 


By default, all NSS volumes hosted on an OES server have shares associated with them. If you need a 
share to point to a subdirectory on an NSS volume, then you must create a new share. See “Adding a 
New CIFS Share” in the OES 11 SP2: Novell CIFS for Linux Administration Guide. 


If a volume is created while the Novell CIFS service is running, the service must be restarted to 
discover the volume. 


1 Click the Shares tab. 
2 Ifthe HOME_NSS share is listed, skip to Novell CIFS Users’ Access Rights. 
If not, continue with Step 3. 
3 Click the General tab, then click Stop. The service status changes to Stopped. 
4 Click the Start sub-tab. The service status changes to Running. 
5 Click the Shares tab. 
The HOME_NSS share is listed. 


Novell CIFS Users’ Access Rights 


As illustrated in Figure 5-1, all eDirectory users have automatic access to the Novell CIFS file service, 
assuming that the service is configured correctly. 


However, access to the CIFS file service does not equate to access to the NSS file system and the 
folders and files it contains. It is the Novell File and Directory Trustee Rights model that provides this 
access and that also ensures that users can see only those files and folders to which they have access 
rights. 


Continue with Chapter 6, “Novell AFP,” on page 69. 
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Novell AFP 





Novell AFP lets Macintosh users access NSS volumes on Novell Open Enterprise Server 11 SP2 
servers using AFP networking, exactly as they would Macintosh file servers. 


This section discusses the following: 
¢ Section 6.1, “Overview,” on page 69 
+ Section 6.2, “Setting the Search Context,” on page 70 


+ Section 6.3, “Making NSS Volumes Available to AFP Users,” on page 71 
+ Section 6.4, “Novell AFP Users Access Rights,” on page 71 


Overview 





Figure 6-1 illustrates the file services available through Novell AFP in OES. 


More Information on Novell AFP file services in OES 11 SP2 is found in “Novell AFP Implementation 
and Maintenance” in the OES 11 SP2: Planning and Implementation Guide. 
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Figure 6-1 Novell AFP 
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The exercises in this guide have you access the OES 11 SP2 server by using native Macintosh 
functionality. 





IMPORTANT: If you plan to use Novell AFP in conjunction with Novell CIFS and/or NCP file 
services, be sure to read “Cross-Protocol File Locking Might Need To Be Reconfigured if AFP or CIFS 
Is Functioning on an NCP Server” in the OES 11 SP2: Planning and Implementation Guide. 


6.2 Setting the Search Context 


By default, the search context for AFP users is set to the container where the OES 11 SP2 server is 
installed. AFP searches in this context for users seeking access to the AFP file service. You must set a 
context that points to the USERS container where your User objects are located. 


1 IniManager > Roles and Tasks, click File Protocols > AFP. 
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Click the Browse icon next to the Server field, then browse to and select the OES 11 SP2 getting- 
started lab server. 


Click the Context tab. 

Select the entry that points to the SERVERS container and click Remove. 
Click Add. 

Browse to and select the USERS container, then click OK. 

Continue with Making NSS Volumes Available to AFP Users. 
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6.3 Making NSS Volumes Available to AFP Users 


1 Click the Volume tab, then click Add. 


2 Click the Browse icon |® next to the Volume field. 


3 In the Object Selector, click the down-arrow £ next to the servername_HOME_NSS volume, 
then click the link to the volume. 


4 Inthe Shared Volume Name field, type AFP_Home_NSS and click OK. 


6.4 Novell AFP Users Access Rights 


As illustrated in Figure 6-1, eDirectory users can access any NSS volume where they are granted 
Novell trustee rights. For example, if AFP users have a system-created home directory on the 
HOME_NSS volume, they can see that directory. 


However, if they don’t have Novell trustee rights, they cannot access the volume. This is different 
than for CIFS users. 


As with CIFS users, the Novell File and Directory Trustee Rights model ensures that users can see 
only those files and folders to which they have access rights. 


Continue with Chapter 7, “NetWare CIFS and AFP Access,” on page 73 
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7.1 


NetWare CIFS and AFP Access 


NetWare 6.5 SP8 supports native file access methods from Linux, Macintosh, UNIX, and Windows 
workstations to NSS volumes on NetWare servers. (Access to NetWare Traditional File System 
volumes is not supported.) 


This section discusses the following: 


¢ Section 7.1, “Overview,” on page 73 
¢ Section 7.2, “Enabling NFAP Services on the LAB_NW Server,” on page 74 


Overview 


Figure 5-1 illustrates the native File Access Protocol (NFAP) support services that are enabled by 
installing NetWare 6.5. A more detailed overview of NFAP file services on OES is found in “Native 
File Access Protocols” in the NW 6.5 SP8: Planning and Implementation Guide. 
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Figure 7-1 Native File Access Support on NetWare 6.5 
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Planning and Implementation Guide after completing all the sections in this guide. 


7.2 Enabling NFAP Services on the LAB_NW Server 


When you created the nw_edir user in iManager, you also created a home directory for the user on 


the HOME_NW NSS volume on the virtualized NetWare server LAB_NW. 


By default, all NSS volumes on NetWare servers are available for CIFS and AFP access. To configure 


CIFS access, you must complete two tasks: 


¢ Section 7.2.1, “Creating a Share for the HOME_NW Volume,” on page 75 
+ Section 7.2.2, “Specifying a Search Context,” on page 75 
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7.2.1 Creating a Share for the HOME_NW Volume 


NetWare CIFS requires that you specify the shares that users can access. 
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In iManager > Roles and Tasks, click File Protocols > CIFS. 

Click the Browse icon next to the Server field, then browse to and select the LAB_NW server. 
Click the Shares tab, then click the Add sub-tab. 

In the Share Name field, type home_nw. 


This is the name used to attach to the share. 


Click the Browse icon |& next to the Volume field. 


In the Object Selector, click the down-arrow £ next to the LAB_LNW_HOME_NW volume, then 
click the link to the volume. 


Click OK > OK. 


7.2.2 Specifying a Search Context 


You must specify a search context that NetWare can use to find users needing CIFS access. 


1 


Log into your VM host server as root and click Computer > YaST > Virtualization > Virtual Machine 
Manager. 


2 Double-click the LAB_NW_VM virtual machine. 


3 On the NetWare GUI, click the File Browser (folder) icon once to activate the mouse pointer and 


once to select the browser. 


Double-click the SYS: volume. 


5 Double-click the ETC folder. 


6 Scroll down and double-click the cifsctxs.cfg file. 


nN 


Notice that the search context is set to the SERVERS container. User searches occur only in the 
contexts specified in this file. Subcontainers are not searched. 


Edit the file, replacing SERVERS with USERS, so that the line reads 


OU=USERS . OU=LAB . O=COMPANY 


8 Save the file, close the editor, and close the file browser. 


9 Click the Server Console (computer) icon. 


10 


12 


Stop and then start the CIFS service by entering the following commands: 
CIFSSTOP 

CIFSSTRT 

Close both of the Virtual Machine Manager windows. 

Continue with Chapter 8, “iFolder 3.9,” on page 77. 
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8.1 


iFolder 3.9 





As a key file service component of Novell Open Enterprise Server (OES), Novell iFolder 3.9 provides 
a repository on one or more OES 11 SP2 servers that stores master copies of locally accessible files. 


¢ Section 8.1, “Overview of iFolder,” on page 77 

+ Section 8.2, “Installing the iFolder Client,” on page 78 

+ Section 8.3, “Creating Corresponding Windows Users,” on page 79 
+ Section 8.4, “Refreshing the List of iFolder Users,” on page 80 


¢ Section 8.5, “Configuring iFolder Accounts and Creating iFolders,” on page 80 


Overview of iFolder 





Figure 8-1 illustrates the file services that are enabled by completing the steps in the sections that 
follow. More detailed information on iFolder file services on OES 11 SP2 is found in “Novell iFolder 
3.9.22” in the OES 11 SP2: Planning and Implementation Guide. 
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Figure 8-1 iFolder File Services on OES 


Access Methods 


V © +a 








iFolder Client 


for SLED 
i 
| 
iFolder Client 


for Macintosh 





| 


iFolder Client 
for Windows 


aS | 
es 


i 


iFolder 3 Web Access 
via a Web browser 


eDirectory 
LDAP server 


Installing the iFolder Client 











Authentication/File Encryption 


Upload or Download 


eDirectory LDAP 
server on the 

same or different 
OES server 


iFolder 3 Services 


iFolder 3 
Enterprise servers 


Slave servers 
provide 
scalability 


Master server 
provides 
access 


C» 


iFolder 3 
Web Access Server 


Can run on an 


iFolder 3 Enterprise server 
or a different OES server 





NOTE: Although the exercises in this guide focus on Windows, the iFolder client is also available for 
Linux and Macintosh. For more information, see “Getting Started” the Novell iFolder 3.9.2 Cross- 


Platform User Guide. 





The iFolder client is required for two tasks: 


¢ Automatically synchronizing local iFolder files with the files on the iFolder 3.9 enterprise server. 


¢ Sharing iFolders with other users. 





IMPORTANT: To install the client, the workstation must have an active Internet connection. 
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8.3 


To install the iFolder client: 


1 Log in to the workstation as a Windows administrative user. 
In your browser, access your OES 11 SP2 server’s welcome pages by entering the following URL: 
http://IP_or_ DNS 
where IP_or_DNS is the IP address or full DNS name of your getting-started lab server. 
For example: myserver. company . example .com 
3 On the OES 11 SP2 Welcome Page in the left panel, click the Client Software tab. 


4 Under Available Downloads, click the iFolder Client for Windows link that is appropriate for your 
workstation (32-bit or 64-bit). 


5 Save the file. 
6 Open the downloaded file and install the client. 


The installation process includes several steps. For the installation to succeed, you must agree, 
accept, and answer Yes to the various prompts, including the unknown publisher alert and the 
Microsoft .NET installation (if prompted). Accept all the defaults. 


7 If you install Microsoft .NET, you might be prompted to restart the workstation. If prompted, 
click the Restart button, then after the workstation restarts, log in as the Windows administrative 
user. 


8 Click through the dialog boxes, accepting the defaults until the process is finished. Then click 
Finish > Yes to restart the workstation. 


9 After the workstation restarts, log in as an administrative user. 


10 If needed, cancel the iFolder Account Creation Wizard by right-clicking the iFolder icon in the 
system tray and selecting Exit, then continue with Creating Corresponding Windows Users. 


Creating Corresponding Windows Users 


Some OES services, such as Novell iFolder, interact seamlessly with Windows users that have the 
same username and password as the eDirectory users. 


For the exercises in this guide, you must now create Windows user accounts for the users listed in 
Table 3-1 on page 54 and assign each user the same password you specified for the corresponding 
eDirectory account. 

1 On the Windows workstation, log in as an Administrator user. 


2 Access the Control Panel and select User Accounts and Family Safety > Add or Remove User 
Accounts (Windows 7) or User Accounts (Windows XP). 


3 Create a user account for each user in Table 3-1 on page 54, specifying that the account is a 
computer administrator. 


4 Select the user after creating it, and then create the same password for the user that you specified 
in Step 6 on page 55. 


5 Repeat from Step 3 for each additional user, then continue with Refreshing the List of iFolder 
Users. 
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8.4 Refreshing the List of iFolder Users 


All eDirectory users are enabled for access to iFolder 3.9 by default. However, the iFolder 3.9 
Administration utility must be synchronized with eDirectory. By default this happens every 24 hours. 


1 
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Open your browser and log in to iManager as admin. 

If you receive a Tomcat error, see Section A.2, “iManager Tomcat Error,” on page 118. 

In Roles and Tasks, click iFolder 3.9 > Launch iFolder Admin Console. 

In the iFolder Server field, type the IP address of the OES 11 SP2 getting-started lab server. 
Select the Authenticate Using Current iManager Credentials option. 

Click OK. 


The Users tab shows the users that are recognized by the iFolder server as having iFolder service 
access. Because the LDAP search context doesn’t include the USERS container, the eDirectory 
users you have added don’t appear in the list. 


Click the Servers tab. 

Click the blue link for the OES 11 SP2 getting-started lab server. 

In the LDAP Details section, click the Edit button. 

In the LDAP Admin DN field, type cn=admin,o=company. 

Notice that the delimeter is a comma (,), not a period (.). 

In the LDAP Admin Password field, type the Admin user password. 
In the LDAP Contexts field, change SERVERS to USERS, then click OK. 
This changes the search context to the USERS directory. 

In the LDAP Details section, click the blue Sync Now link. 

Notice that the default synchronization interval is 1440 minutes (24 hours). 
Click the Users tab. 

Notice that the users you have created are added to the list. 


Close the iFolder Administration console, then continue with Configuring iFolder Accounts and 
Creating iFolders. 


8.5 Configuring iFolder Accounts and Creating iFolders 


Before users can create iFolders, they must set up an iFolder account on the workstation. 
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You should have already created a Windows user account for each eDirectory user as instructed in 
Section 8.3, “Creating Corresponding Windows Users,” on page 79. You will now configure an 
iFolder for linux1_lum-edir and invite the ncp_edir and nw_edir users to share the iFolder. Although 
you can create accounts for the other users, there are no exercises in this guide that involve them 
having iFolder accounts. 


1 Log off as the administrative user, then log in to the Windows workstation as the linux1_lum- 
edir user that you created in Section 8.3, “Creating Corresponding Windows Users,” on page 79. 


2 After the login process finishes, you should be prompted to set up an iFolder account. Click 
Next. 


If you are not prompted to set up an account, right-click the iFolder icon on the toolbar, select 
Accounts, then click New. (You might need to configure the toolbar to display the iFolder icon.) 


3 In the Server Address field, type the IP address or DNS hostname of your OES 11 SP2 server, then 
click Next. 


Type the linux1_lum-edir for the username, then type the password you assigned to the user. 
Select Remember password on this computer, then click Next > Connect. 


If prompted, accept the certificate by clicking Yes. 
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When prompted to create a default iFolder, deselect Create Default Folder, click Next, click Finish, 
and then close the iFolder information window. 
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Right-click the desktop, then click New and create a new folder named linux1_lum-edir_IF3. 
9 After creating the folder, right-click it, then click Convert to an iFolder. 
10 Click OK. 


11 Inthe message that points out how iFolder folder icons look different, select Do Not Show This 
Message Again, then click Close. 


12 Right-click the iFolder, then select iFolder > Share with. 
13 In the iFolder Properties dialog box, click Add. 
14 Inthe iFolder Users column, select Ncp Edir, then click Add>>. 
Nep Edir is added to the Selected Users column. 
15 Add Nw Edir to the Selected Users column as well. 
16 Click OK. 
17 Change the access rights for Nep Edir from Read Only to Read/Write. 
17a Click Ncp Edir. 
17b Click Rights. 
17c Select Read/Write. 
17d Click OK. 
18 Click Apply > OK. 
The two users are configured to access Linux1 Lum-edir’s iFolder. 
19 Log off the workstation. 
20 Continue with Chapter 9, “iPrint,” on page 83. 
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9.1 


iPrint 





As the print services component of Novell Open Enterprise Server (OES), Novell iPrint provides a 
powerful and easy-to-implement printing solution that lets your network users print from any Linux, 
Macintosh, or Windows workstation to any network printer. 

¢ Section 9.1, “Overview of iPrint,” on page 83 

+ Section 9.2, “Creating an eDirectory Context for Printers,” on page 84 

¢ Section 9.3, “Creating a Print Driver Store,” on page 85 

+ Section 9.4, “Creating a Print Manager Object,” on page 85 

¢ Section 9.5, “Adding Printer Drivers to the Driver Store from Windows,” on page 86 


¢ Section 9.6, “Creating iPrint Printer Objects,” on page 88 


Overview of iPrint 





Figure 9-1 illustrates the printing services that are enabled by completing the steps in the sections 
that follow. More detailed information on iPrint services in OES 11 SP2 is found in “iPrint 
Functionality” in the OES 11 SP2: Planning and Implementation Guide. 
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Figure 9-1 iPrint on OES 
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9.2 Creating an eDirectory Context for Printers 


System administrators often create one or more container objects just for network printers. 
Obviously, this is an optional organizational preference issue. Whether you choose to follow this 
convention or not, the printers themselves can be placed in the most convenient and accessible 
locations for your network users. 


1 Log in to the getting-started lab Windows workstation as a Windows user with Administrator 
privileges. 

2 Ifit appears, cancel the iFolder wizard. 

3 Start iManager and log in as the Admin user. 


If you receive a Tomcat error, see Section A.2, “iManager Tomcat Error,” on page 118. 


4 Click the View Objects icon © 
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5 
6 
7 
8 
9 
10 


Click the Browse tab. 

In the left pane, click the down-arrow £ next to the COMPANY Organization object. 
Click LAB, then select Create Object from the drop-down list. 

From the Available Object Classes list, select Organizational Unit, then click OK. 

In the Organizational Unit Name field, type PRINTERS. 

Click OK twice. 


9.3 Creating a Print Driver Store 


iPrint stores print driver files by workstation type for each of your network printers in a driver store 
in eDirectory. 
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In iManager, click the Roles and Tasks icon g. 
Click iPrint > Create Driver Store. 


In the Driver Store Name field, type Print_Drivers. 


Click the Browse icon ‘& next to the Container Name field. 


Click the down-arrow f next to LAB, then click the PRINTERS Organizational Unit object. 


In the Target Server field, type the DNS name or the IP address of the server that will host the 
driver store. 


Click the Browse icon |Ñ next to the eDir Server name field. 


Click the down-arrow £ next to LAB, click the down-arrow £ next to SERVERS, then click 
your OES 11 SP2 getting-started lab server. 


Click OK twice. 
Continue with Section 9.4, “Creating a Print Manager Object,” on page 85. 


9.4 Creating a Print Manager Object 
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The iPrint Manager is represented by and managed through a Print Manager object in eDirectory. It is 
a daemon that runs on the OES 11 SP2 server, and it must be running when you create Print objects. 

After printing is set up, the iPrint Manager receives print job requests and forwards them to printers 
when the printers are ready. 


1 Continuing from Step 9 in the previous section, click iPrint > Create Print Manager. 
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In the Manager Name field, type the following: 
iPrint_Manager 

3 Click the Browse icon al next to the Container Name field. 

4 Click the down-arrow ¢ next to LAB, then click PRINTERS. 
5 

6 





Click the Browse icon A] next to the eDir Server name field. 


Click the down-arrow ¢ next to LAB, click the down-arrow f next to SERVERS, then click your 
OES 11 SP2 getting-started lab server. 


Click the Browse icon |Ñ] next to the Driver Store name field. 


8 Click the down-arrow ¢ next to LAB, click the down-arrow £ next to PRINTERS, then click 
Print_Drivers. 
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9 In one of the iPrint Service fields, type either the full DNS name of your getting-started lab server 
or its IP address, depending on the option you select. 


10 Click OK twice. 


9.5 Adding Printer Drivers to the Driver Store from Windows 


You can load printer drivers to the Driver Store by using driver files. However, because most 
Windows workstations have an extensive list of printer drivers available on the system, the simplest 
way to add drivers for a Windows platform is to upload them directly. For information on adding 
drivers by using driver files, see “Managing Printer Drivers” in the OES 11 SP2: iPrint Linux 
Administration Guide. 


Complete the following steps once for each of the Windows platforms (7, XP, etc.) that you have in 
your getting-started lab: 





IMPORTANT: This procedure requires Internet Explorer 6 or later. 





1 Open Internet Explorer 6 or later on the workstation and enter the following URL in the Address 
field: 


http://IP_or_ DNS/ipp 

where IP_or_DNS is the IP address or DNS name of your OES 11 SP2 server. 
Click the Install iPrint client link. 

Click Run (or the corresponding options for your platform) and install the client. 
Answer yes to any security warnings, then click Next and follow any prompts. 


After the client installs, click Finish. 
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Close the browser, then open it again using the Run as Administrator option if available. 

Start iManager (http://server/nps) and log in as the Admin user. 

If you receive a Tomcat error, see Section A.2, “iManager Tomcat Error,” on page 118. 

If you are running Internet Explorer 6, skip to Step 12. 

or 

For Internet Explorer 7 or later, you must configure the pop-up blocker. Continue with Step 9. 
Right-click above the iManager panel and make sure the Menu Bar option is selected. 

In the Menu Bar, click Tools > Pop-Up Blocker > Pop-Up Blocker Settings. 


In the Address of Website to Allow field, type the IP address of the OES 11 SP2 getting-started lab 
server, then click Add > Close. 


Click iPrint > Manage Driver Store. 


Click the Browse icon |& next to the iPrint Driver Store Name field. 


Browse to the Printers container (COMPANY > LAB > PRINTERS), then click the Print_Drivers 
object. 


Click OK. 

Click the Drivers tab. 

If you are running Internet Explorer 6, skip to Step 21. 
or 


If you are running Internet Explorer 7 or later and have not previously approved the iPrint 
ActiveX plug-in to run, an Information Bar might appear directly above the iManager pane. 


If no Information Bar appears directly above the iManager pane, skip to Step 21. 
Click the Information Bar and select Run ActiveX Control, then click Run > Retry. 
Repeat from Step 12. 

In the Drivers Platform drop-down list, select the workstation type you are running. 
You can add drivers from the system only for the workstation type you are running. 


Click Add from System, and then OK any alerts that appear. 





TIP: Although not practical for the step-by-step guided approach used in this guide, the Add 
from File is a more useful option for most administrators because it lets them install print drivers 
for multiple platforms from a single workstation. For more information see, “Managing Printer 
Drivers” in the OES 11 SP2: iPrint Linux Administration Guide. 





In the dialog box for adding a printer, select the correct driver for the printer you plan to use for 
the getting-started lab test. 


Click OK. 


(Optional) To test multiple printers, repeat Step 22 through Step 24 for each printer you want to 
test. 


When you are finished, click Apply > OK. 
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9.6 Creating iPrint Printer Objects 


You can create iPrint Printer objects for all your printers that have drivers in the Driver Store and an 
IP address or DNS name. 
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In iManager, click the Roles and Tasks icon €l 

Click iPrint > Create Printer. 

In the Printer Name field, type a name for your printer. 
Click the Browse icon A] next to the Container Name field. 
Click the down-arrow ¢ next to LAB, then click PRINTERS. 





Click the Browse icon B] next to the Print Manager Name field. 


Click the down-arrow f next to LAB, click the down-arrow £ next to PRINTERS, then click 
iPrint_Manager. 


Type the DNS name or IP address of the printer in the field indicated. 


9 Type a location so users know where to find the printer. 


10 


(Optional) Type a description. 
Click Next. 


Select the printer driver by using the drop-down list for the Windows platform of your getting- 
started lab workstation. 


Click Next. 

Select the default driver for your workstation type, then click Next. 
Click OK. 

Close iManager. 


Continue with Chapter 10, “NetStorage,” on page 89. 
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NetStorage 


As a versatile file services component of Novell Open Enterprise Server (OES), NetStorage provides 
Web-based access to and management of any files on OES servers, except the iFolder 3 files, which 
are accessed through the iFolder Web Access Server instead. 


+ Section 10.1, “Overview of NetStorage,” on page 89 


¢ Section 10.2, “Making Directories Accessible Through NetStorage,” on page 90 


10.1 Overview of NetStorage 


Figure 10-1 on page 90 illustrates the NetStorage file services that are enabled by default. 


More detailed information on NetStorage file services on OES is found in “NetStorage” in the OES 11 
SP2: Planning and Implementation Guide. 
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Figure 10-1 NetStorage on OES 
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10.2 Making Directories Accessible Through NetStorage 


NetStorage makes files on OES servers available on the Internet. Directories can be made available as 
organizational needs dictate. For the exercises in this guide, we will focus on user home directories. 
+ Section 10.2.1, “NCP Users Have Automatic Access to Their Home Directories,” on page 91 
è Section 10.2.2, “Creating a Storage Location Object in iManager,” on page 91 
è Section 10.2.3, “Adding the Object to a Storage Location List,” on page 92 
+ Section 10.2.4, “SSH and NetStorage Administration,” on page 92 
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10.2.1 


10.2.2 


NCP Users Have Automatic Access to Their Home Directories 


For users who have a home directory specified in eDirectory (on an NCP or NSS volume), access to 
that home directory is automatic. 


By default, when users log in to NetStorage, they see a storage location named Home@TREE_NAME. 
This means that the ncp_*, the nss_* users, and the nw_edir user each see their home directories 
when they log into NetStorage. 


The label that users see is configurable in the File Access (NetStorage) iManager plug-in by using the 
NetWare Storage Provider task. You can also specify home directories in additional trees if users log in 
to multiple trees. For more information, see “NetWare Storage Provider” in the OES 11 SP2: 
NetStorage Administration Guide for Linux. 





TIP: The first time you access the NetWare Storage Provider task in iManager, the configuration is 
blank and the column headings are collapsed. To display the configuration, click Set Defaults, click 
another task, then click NetWare Storage Provider again. All of the columns are displayed. 





To make other directories on an OES server available through NetStorage, including non-NCP/NSS 
home directories, you must create a Storage Location Object that points to the directory and then add 
the object to a Storage Location List as explained in the following sections. 


Creating a Storage Location Object in iManager 


A Storage Location object specifies an access protocol and points to a directory on either the 
NetStorage server itself or another accessible server. After object creation, users with rights to the 
directory can access storage location objects through NetStorage. 


For connections to Storage Location objects, NetStorage supports both CIFS and SSH as alternatives 
to NCP (the default NetStorage protocol). Although they are used in this guide, SSH storage 
locations should only be used after certain security issues are understood and dealt with. (For more 
information, see “SSH Security Considerations” in the OES 11 SP2: Planning and Implementation 
Guide.) 


Because the linux*_lum-edir users’ home directories are on a Linux traditional volume, there is no 
default access and you must create a Storage Location object for them to use. 


Because the CIFS protocol on your getting-started lab server uses Novell CIFS, and because Novell 
CIFS provides access to only NSS volumes, the Storage Location object must use SSH. 


To create an SSH Storage Location object: 
1 Start iManager by entering the following URL in a browser Address field: 
http://IP_or_DNS/nps 
where IP_or_DNS is the IP address or DNS name of your OES 11 SP2 server. 
If you receive a Tomcat error, see Section A.2, “iManager Tomcat Error,” on page 118. 


2 Log in to iManager as the Admin user. 


3 Click the Roles and Tasks icon g 
4 Click File Access (NetStorage) > New Storage Location. 
5 Inthe Object Name field, type 


StorLoc_hostname 
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where hostname is the name of your getting-started lab server. This is the name of the Storage 
Location object in eDirectory (for example, StorLoc_myserver). 


6 Inthe Display Name field, type 

Linux_Home_Directories 

This is the name that users see in the NetStorage directory access list. 
7 Inthe Directory Location field, type 

ssh://IP_or_DNS_Name/home 


where IP_or_DNS_Name is the IP address or full DNS name of your getting-started lab server 
(for example, ssh://myserver.mysite.company.example.com/home). 





IMPORTANT: Protocol designators, such as ssh and cifs, are case-sensitive on OES servers. 
Make sure you don’t type the common uppercase (SSH or CIFS) out of habit. 





8 Click the Browse icon |& next to the Context field. 
9 Browse to and select the SERVERS Organizational Unit object. 
The new Storage Location object will be created in the SERVERS organizational unit object. 
10 Click Create > OK. 


10.2.3 Adding the Object to a Storage Location List 


Storage Location Lists are required for granting access for users, groups, or containers 
(Organizational Unit objects) to Storage Location objects. 


1 In the list of tasks below File Access (NetStorage), click Assign Storage Location to Object. 


2 Click the Browse icon |& next to the Object field. 


This field contains the user, group, or OU object that is granted access to the Storage Location 
object. 


Click USERS > OK. 


3 
4 Click the Browse icon |& next to the Storage Location Objects field. 
5 Click the down-arrow £ next to SERVERS. 

6 Click the StorLoc_hostname object for your getting-started lab server, then click OK. 


You could add multiple Storage Location objects to the list if needed, but we are only adding 
one. 


7 Click OK twice. 
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Many network administrators prefer to use SSH for remote server administration. NetStorage 
includes a special SSH-based Storage Location object named NSS_Volumes that lets eDirectory 
Admin users administer NSS volumes on OES through NetStorage. Admin users can assign trustees, 
administer NSS file and directory attributes, restrict directory size, and so on. 


As a general security precaution, SSH services are not enabled by default on OES 11 SP2 servers. 
However, you enabled SSH services through the firewall in Section 4.4, “Allowing SSH Access,” on 
page 60, and then you enabled SSH as a LUM-enabled service, thus giving SSH access to LUM- 
enabled users. 
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The eDirectory Admin user has SSH access because it is a LUM-enabled user by default. This means 
that the Admin user can use SSH for remote server administration and it can administer the server’s 
NSS volumes through NetStorage. 





NOTE: Unlike home directory access, which automatically connects all users in the tree with their 
NCP or NSS home directories no matter which server the directories are on, default administrative 
access is limited to the nssvolumes Storage Location object located in COMPANY. To provide 
administrative access to the HOME_NW volume on the LAB_NW NetWare server, you would need 
to create an NCP Storage Location object that points to that volume. 





Continue with Chapter 11, “Getting Acquainted with OES,” on page 95. 
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Getting Acquainted with OES 


After you have installed Novell Open Enterprise Server (OES) and completed the configuration 


instructions located in the preceding sections, your OES 11 SP2 server is ready for getting-started lab 


use. 


The instructions and information in this section acquaint you with the basic services available in OES. 


More detailed service overviews are available in the OES 11 SP2: Planning and Implementation Guide. 


For comprehensive documentation for each service, see the administration guides and other 
documentation listed on the OES 11 documentation Web site (http://www.novell.com/ 
documentation/oes11). 


This section guides you through the following tasks: 


+ 


+ 


+ 


+ 


Section 11.1, “Preparing Files for the Getting-started Lab Exercises,” on page 95 
Section 11.2, “Exercises for linux1_lum-edir,” on page 96 

Section 11.3, “Exercises for linux2_lum-edir,” on page 98 

Section 11.4, “Exercises for ncp_lum-edir,” on page 101 

Section 11.5, “Exercises for ncp_edir,” on page 102 

Section 11.6, “Exercises for nss_edir,” on page 106 

Section 11.7, “Administrative Tasks Available in NetStorage,” on page 108 
Section 11.8, “Exercises for nss_lum-edir,” on page 109 

Section 11.9, “Exercises for nw_edir,” on page 111 

Section 11.10, “Macintosh Exercises and Novell AFP,” on page 112 
Section 11.11, “What’s Next,” on page 113 


11.1 Preparing Files for the Getting-started Lab Exercises 
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You will use four small text files in the exercises that follow. 


1 Log in to the Windows workstation as a Windows user with Administrator privileges. 
2 Access this page in the online documentation. 
3 Right-click each of the following links, select Save Link (or Save Target) As, and save the file to the 
desktop. 
¢ MyPrivateFile.txt (http://www.novell.com/documentation/oes11/download/ 
MyPrivateFile.txt) 
¢ Publiclnformation.txt (http://www.novell.com/documentation/oes11/download/ 
PublicInformation.txt) 


¢ TeamProjectReadOnly.txt (http://www.novell.com/documentation/oes11/download/ 
TeamProjectReadOnly.txt) 


¢ TeamProjectWrite.txt (http://www.novell.com/documentation/oes11/download/ 
TeamProjectWrite.txt) 


4 Ifyou are working on Windows 7, move the downloaded files to the Libraries > Documents > 
Public Documents folder on the workstation. 
Or 


If you are working on Windows XP, move the downloaded files to My Computer > Shared 
Documents. 


ol 


Log off Windows. 


Continue with the next section, Exercises for linux1_lum-edir. 


o 


11.2 Exercises for linux1_lum-edir 


¢ Section 11.2.1, “What linux1_lum-edir Can Do,” on page 96 
¢ Section 11.2.2, “Using NetStorage,” on page 97 


11.2.1 What linux1_lum-edir Can Do 
This user has the following service access: 


Table 11-1 linux1_lum-edir Service Access 


Service Details Explored for This User in This Guide 

Novell iFolder Can create and share its own iFolders and Yes. This was done previously in Section 8.5, 

3.9 accept invitations from others to share their “Configuring iFolder Accounts and Creating 
iFolders. iFolders,” on page 80. 
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Service Details Explored for This User in This Guide 


Novell AFP Can access any NSS directories to which it See Section 11.10, “Macintosh Exercises and 
has rights. Novell AFP,” on page 112. 


Access rights to directories are governed by 
the NSS file system, allowing the user to only 
see and do what it has rights for. 





Novell CIFS Can access any NSS directories to which it No 
has rights. 


Access rights to directories are governed by 
the NSS file system, allowing the user to only 
see and do what it has rights for. 





NetStorage Can access NetStorage because of the Yes, to demonstrate file copying and deleting. 
Storage Location Object created in 
Section 10.2.2, “Creating a Storage Location Also to show that the linux2_lum-edir 
Object in iManager,” on page 91. directory is publicly available, and not private 
as a NetWare administrator would expect it to 
NetStorage provides this user with access to be. In fact, the directory can also be written to 
its home directory, which it would otherwise by any member of the LUMUsers group 





not have. because of the action you took in Step 15 on 
page 63. 
iPrint Can install and use the printer made available No 


in Chapter 9, “iPrint,” on page 83. 


11.2.2 Using NetStorage 


1 Log in to the Windows workstation as the linux1_lum-edir user. 

2 Close the iFolder window. 

3 Open your browser and log into NetStorage by using the following URL: 
http://IP or DNS/netstorage 
where IP or DNS is your OES 11 SP2 server’s IP address or DNS name. 


4 Type linux1_lum-edir as the User Name, type the associated password in the Password field, 
then click OK. 


5 In the left navigation frame, click the Linux_Home_Directories storage location you created in 
Section 10.2.2, “Creating a Storage Location Object in iManager,” on page 91. 


6 Click the linux1_lum-edir directory to show its contents. 


For the following exercises, you need to copy the exercise files that you downloaded in 
Preparing Files for the Getting-started Lab Exercises to the 1inux1_lum-edir directory. 
However, NetStorage doesn’t support dragging and copying files. Instead you upload files you 
want to store in NetStorage from the workstation to the server. By the same token, you 
download files that you want to work with from the server to the workstation. 


7 Click File > Upload. 


Depending on your workstation and browser version, the Upload dialog box might display 
behind the NetStorage window. If you don’t see the box, try moving the window to see if it’s 
hiding the box. 


8 If prompted, disable the pop-up blocker and click File > Upload again if necessary to open the 
Upload File dialog box. 


9 Click the Browse button. 
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10 


12 


13 


14 
15 


16 


17 


If you are using Windows 7, browse to Libraries > Documents. Select the first file and click Open. 


If you are using Windows XP, browse to the Shared Documents folder where you copied the 
four files in Step 3 on page 96, select the first file and click Open. 


Using the plus (+) sign next to Browse to add files to be uploaded, repeat the process of browsing, 
selecting, and opening the other three files. 


The first files you select might scroll up and off the display, but they are still selected for 
uploading. 

Click the Upload button. 

All four files are copied to the 1inux1_lum-edir directory. 


Select the linux2_lum-edir, ncp_edir, and ncp_lum-edir folders in turn and attempt to copy 
(upload) the first file to each folder. 


Because you assigned the LUMUsers group full access rights to the linux2_lum-edir user’s home 
directory (Step 15 on page 63), the first copy attempt succeeds. linux1_lum-edir is a member of 
the LUMUsers group. But the other attempts fail because the linux1_lum-edir user doesn’t have 
the necessary rights to either of the ncp* users’ folders. 


Open the linux1_lum-edir folder, then select MyPrivateFile.txt. 
Click File > Delete > OK. 

The file is deleted. 

Click View > Show Deleted Files. 


The deleted file is not listed because this feature relies on the Salvage and Purge functionality 
that is available only on NSS volumes, and the underlying file system for the /home directory we 
are working with is Ext3, not NSS. 


For more information on using NetStorage, see the OES 11 SP2: NetStorage Administration Guide 
for Linux. 


Continue with the next section, Exercises for linux2_lum-edir. 


11.3 Exercises for linux2_lum-edir 


+ 


+ 


+ 


Section 11.3.1, “What linux2_lum-edir Can Do,” on page 98 
Section 11.3.2, “Using NetStorage,” on page 99 
Section 11.3.3, “Using iPrint,” on page 100 


11.3.1 What linux2_lum-edir Can Do 


This user has the following service access: 
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Table 11-2  linux2_lum-edir Service Access 


Service 


iFolder 3.9 


Details 


Can create and share its own iFolders and 


Explored for This User in This Guide 


No 


accept invitations from others to share their 
iFolders. 





Novell AFP See Section 11.10, “Macintosh Exercises 


and Novell AFP,” on page 112. 


Can access any NSS directories to which it 
has rights. 


Access rights to directories are governed by 
the NSS file system, allowing the user to only 
see and do what it has rights for. 





Novell CIFS Can access any NSS directories to which it No 


has rights. 


Access rights to directories are governed by 
the NSS file system, allowing the user to only 
see and do what it has rights for. 





NetStorage Can access NetStorage because of the Yes 
Storage Location Object created in 

Section 10.2.2, “Creating a Storage Location 
Object in iManager,” on page 91. Otherwise, 

this user would not have access to its home 
directory because it was created manually as 

a POSIX directory rather than being 


specified in iManager. 





iPrint Can install and use the printer made Yes 


available in Chapter 9, “iPrint,” on page 83. 


11.3.2 Using NetStorage 


Log in to the Windows workstation as the linux2_lum-edir user. 
When the iFolder wizard launches, click Cancel. 


Open your browser. If you are running Windows 7, use the Run as Administrator option. 


Bh WN RF 


Log into NetStorage by using the following URL: 
http://IP or DNS/netstorage 
where IP or DNS is your OES 11 SP2 server’s IP address or DNS name. 


5 Type linux2_lum-edir as the User Name, type the associated password in the Password field, 
then click OK. 


6 Inthe left navigation frame, click the Linux_Home_Directories storage location you created in 
Section 10.2.2, “Creating a Storage Location Object in iManager,” on page 91. 


7 Inthe left navigation frame, click linux2_lum-edir. 


8 Right-click the file in the right frame and notice that you can move, copy, download, delete, and 
rename the file through the NetStorage interface. 


9 Select Properties. 
Notice that the file is owned by the linux1_lum-edir user who copied it to this folder. 
10 Close the Properties window, right click the file again, and select Delete. 
11 Click OK. 
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The file is deleted. 


Although the file was owned by the linux1_lum-edir user who copied it to the folder, 
linux2_lum-edir can delete the file because it has all rights to the folder. 


For a brief overview of what the different POSIX rights allow on directories and files, see “Linux 
(POSIX) File System Access Rights” in the OES 11 SP2: Planning and Implementation Guide. 


12 Click File > Upload. 
Again, if you don’t see the box, try moving the NetStorage Window. 
13 Click the Browse button, browse to the Documents folder, select the first file, and click Open. 


14 Using the plus (+) sign next to Browse to add files to be uploaded, repeat the process of browsing, 
selecting, and opening the other three files. 


The first files you select might scroll up and off the display, but they are still selected for 
uploading. 


15 Click the Upload button. 


All four files should now be copied to the linux2_lum-edir directory. 


For more information on using NetStorage, see the OES 11 SP2: NetStorage Administration Guide for 
Linux. 


11.3.3 Using iPrint 


1 In the browser, access the iPrint page by using the following URL: 
http://IP or DNS/ipp 
where IP or DNS is your OES 11 SP2 server’s IP address or DNS name. 





IMPORTANT: If you are using Windows 7, you will need to run the browser as the 
administrator user. 





2 (Conditional) If you have not previously installed the iPrint client on the workstation, click the 
Install iPrint Client link and install the client now. 


3 Click the link for the printer you created in Section 9.6, “Creating iPrint Printer Objects,” on 
page 88. 


You might need to click the Refresh button to see the printers. 
4 Answer the prompts to install the printer for the linux2_lum-edir user. 
5 Access the Printers property page. 
On Windows 7 click Start > Devices and Printers. 
On Windows XP click Start > Settings > Printers. 
6 Right-click the printer, then click Printer Properties. 
7 Click Print Test Page > OK > OK. 
A test page should print at your printer. 


For more information on various iPrint capabilities, see “Customizing iPrint” in the OES 11 SP2: 
iPrint Linux Administration Guide. 


8 Continue with the next section, Exercises for ncp_lum-edir. 
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11.4 


11.4.1 


11.4.2 


Exercises for ncp_lum-edir 


è Section 11.4.1, “What ncp_lum-edir Can Do,” on page 101 


¢ Section 11.4.2, “Using NetStorage,” on page 101 


What ncp_lum-edir Can Do 


This user has the following service access: 


Table 11-3 ncp_lum-edir Service Access 


Service 


iFolder 3.9 


Details 


Can create and share its own iFolders and 
accept invitations from others to share their 
iFolders. 


Explored for This User in This Guide 


No 





Novell AFP 


Can access any NSS directories to which it 
has rights. 


Access rights to directories are governed by 
the NSS file system, allowing the user to only 
see and do what it has rights for. 


See Section 11.10, “Macintosh Exercises 
and Novell AFP,” on page 112. 





Novell CIFS 


Can access any NSS directories to which it 
has rights. 


Access rights to directories are governed by 
the NSS file system, allowing the user to only 
see and do what it has rights for. 


No 





NetStorage 


Can access its home directory through 
NetStorage because all home directories 
created through iManager and stored as 
attributes in eDirectory are exposed through 
the HOME@EXAMPLE_TREE default 
storage location. 


Yes 





iPrint 


Can install and use the printer made 
available in Chapter 9, “iPrint,” on page 83. 


Using NetStorage 


No 


1 Log in to the Windows workstation as the ncp_lum-edir user. 


2 When the iFolder wizard launches, click Cancel. 


3 Open your browser and log into NetStorage by using the following URL: 


http://IP or DNS/netstorage 
where IP or DNS is your OES 11 SP2 server’s IP address or DNS name. 


Getting Acquainted with OES 


101 


4 Type ncp_lum-edir as the User Name, type the associated password in the Password field, then 
click OK. 


5 Click the HOME@EXAMPLE_TREE storage location. 

Unlike the Linux_Home_Directories storage location, this directly opens the home directory. 
6 Click File > Upload, browse to the Documents folder, and upload one of the text files. 

The file appears in the folder. 
7 Click the ncp_lum-edir folder in the Linux_Home_Directories storage location. 

Notice that the folder appears to be empty. 


This is because the ncp_lum-edir home directory was created with the user object in iManager 
by the eDirectory Admin user. As part of the directory’s creation, the ncp_lum-edir user was 
assigned Novell trustee full-access rights to it. And because access to HOME@EXAMPLE_TREE 
provides NCP-based access to the directory, the user is recognized as the directory owner 
through that storage location. 


However, the Linux_Home_Directories storage location provides SSH-based according to the 
directory’s POSIX attributes. From the POSIX perspective, the eDirectory Admin user created 
the directory and is, therefore, its owner. The only POSIX rights that ncp_lum-edir has are 
because it is a member of the LUMUsers group. That is why it can see only the directory and not 
its content when accessing it through SSH. 


8 Click the linux2_lum-edir folder in the Linux_Home_Directories storage location. 
Notice that the four files uploaded by the user in Step 12 on page 100 are listed. 


This is because the ncp_lum-edir user is a member of the LUMUsers group, and that group has 
all rights to linux2_lum-edir’s home directory as assigned in Step 16 on page 63. 


For more information on using NetStorage, see the OES 11 SP2: NetStorage Administration Guide for 
Linux. 


11.5 Exercises for ncp_edir 


è Section 11.5.1, “What ncp_edir Can Do,” on page 102 
¢ Section 11.5.2, “Using iFolder,” on page 103 
¢ Section 11.5.3, “Using NetStorage,” on page 105 


11.5.1 Whatncp_edir Can Do 


This user has the following service access: 
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11.5.2 


Table 11-4 ncp_edir Service Access 


Service 


iFolder 3.9 


Details 


Can create and share its own iFolders and 
accept invitations from others to share their 
iFolders. 


Explored for This User in This Guide 


Yes 





Novell AFP 


Can access any NSS directories to which it 
has rights. 


Access rights to directories are governed by 
the NSS file system, allowing the user to only 
see and do what it has rights for. 


See Section 11.10, “Macintosh Exercises 
and Novell AFP,” on page 112. 





Novell CIFS 


Can access any NSS directories to which it 
has rights. 


Access rights to directories are governed by 
the NSS file system, allowing the user to only 
see and do what it has rights for. 





NetStorage 


Can access its home directory through 
NetStorage because all home directories 
created through iManager and stored as 
attributes in eDirectory are exposed through 
the HOME@EXAMPLE_TREE default 
storage location. 


Yes 





iPrint 


Can install and use the printer made 
available in Chapter 9, “iPrint,” on page 83. 


Using iFolder 


¢ “Setting Up iFolder” on page 103 


+ “Observing File Synchronization” on page 104 


e “Using iFolder Web Access” on page 104 


Setting Up iFolder 


No 


ncp_edir has full access to all iFolder user functionality, but for the purposes of this guide we will 
only accept the invitation that was extended by linux1_lum-edir and briefly explore what is available 
through that invitation. 


1 At the Windows workstation, log in as ncp_edir. 


2 After the iFolder Account Creation Wizard launches, click Next. 


3 In the Server Address field, type the IP address or DNS name of the OES 11 SP2 getting-started lab 
server, then click Next. 


4 Type the username and password for ncp_edir, select Remember password on This Computer, then 


click Next. 
Click Connect. 


oN OO UO 


If prompted, accept the certificate by clicking Yes. 
Deselect Create Default iFolder, then click Next. 
Click Finish. 
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9 Right-click in the iFolder dialog box and select Refresh, then click linux1_lum-edir_IF3. 
Remember that this is the iFolder that linux1_lum-edir shared with the ncp_edir user. 
10 In the icon row at the top, click Download. 
11 Click OK. 
The iFolder is created on the desktop. 
12 Double-click the iFolder on the desktop to open it in Windows Explorer. 


13 Navigate to the Documents folder, then drag and copy (using the Ctrl key) the four files to the 
linux1_lum-edir_IF3 folder. 


You can do this because ncp_edir has default Read/Write permissions to the shared iFolder. 


Make sure you copy (by pressing the Ctrl key) rather than moving the files from the Shared 
Documents folder. Otherwise, the files will be moved and won't be available to other users who 
log in. 


14 Continue with the next section, “Observing File Synchronization.” 


Observing File Synchronization 


To understand more about how iFolder works, it is helpful to observe the file synchronization 
processes in action. 
1 On the desktop in the taskbar, right-click the iFolder icon and select Synchronization Log. 
The iFolder Synchronization Log opens. 
2 Right-click the iFolder icon again and select Preferences. 
3 Change the Synchronization interval to 1 minute and click Apply. 


Normally you would not want to synchronize this often, but for our current purposes it helps to 
expedite log activity. 


4 Delete the MyPrivateFile.txt file from the linux1_lum-edir iFolder on the desktop. 


Within a couple of minutes the change is synchronized with the iFolder server. Notice that there 
are various synchronization operations involved to ensure that all changes are tracked in order 
and coordinated among the various iFolders on the server and affected workstations. 


5 Continue with the next section, “Using iFolder Web Access.” 


Using iFolder Web Access 





NOTE: By default, interaction with an iFolder 3.9 server is encrypted through SSL 3.0. 





Users can access their iFolders through most browsers that support SSL 3.0. 


1 Open your browser and enter the following URL: 
https://IP_or_DNS_name/ifolder 
where IP_or_DNS_name is the IP address or complete DNS name of your OES 11 SP2 server. 
2 If prompted, accept the certificate. 
3 Log in as ncp_edir. 
4 Click the linux1_lum-edir_IF3 link and observe the following: 


¢ The files you copied to the iFolder are available in the browser. 
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¢ By clicking a file link, you can automatically download and open the file, or you can save it 
to your desktop. After downloading and modifying a file, you can upload it and replace the 
original on the iFolder server. 


¢ Using the links above the files, you can create new folders, upload files, and delete a 
selected file from the server. 


Changes made to iFolders on the server through browser connections are synchronized 
with the corresponding iFolders on workstation desktops the next time users log in. 


5 Close the browser. 


6 Continue with the next section, “Using NetStorage.” 


11.5.3 Using NetStorage 


1 Using your browser, log into NetStorage by using the following URL: 
http://IP or DNS/netstorage 
where IP or DNS is your OES 11 SP2 server’s IP address or DNS name. 


2 Type ncp_edir.USERS.LAB.COMPANY as the User Name and the associated password in the 
Password field, then click OK. 


“Contextless Login Does Not Work For Users Who Are Not LUM-Enabled or Whose Context Is 
Not in the Search Context List” in the OES 11 SP2: Domain Services for Windows Administration 
Guide. 


3 In the left navigation frame, click Home@EXAMPLE_TREE. 
4 Click File > Upload. 
If you are prompted, enable pop-ups and repeat this step. 


5 Click the Browse button and navigate to the Shared Documents folder, then select the first file and 
click Open. 


6 Click the Plus sign (+) by the Browse button to add another field. Then click Browse, select the next 
file, and repeat this step until all four files are selected. 


7 Click Upload. 
8 Log in to the OES 11 SP2 server as the root user and click Computer > Nautilus. 
9 Double-click File System > home > ncp_edir. 
10 Verify that the files you copied in NetStorage are on the server. 
11 Right-click a file, select Properties, then click the Permissions tab and observe the following: 
+ The File Owner is root. 
+ The File Group is root. 
+ Group and Others have no rights, reflecting the fact that the file is on an NCP volume. 


Generally speaking, these POSIX permissions do not cause any problems. They do not affect 
NetStorage functionality for the user in this configuration because Home@EXAMPLE_TREE is an 
NCP storage location object; NCP file and directory trustee assignments govern access, not 
POSIX permissions. If the user accesses the files through a Novell Client, NCP assignments 
govern. 


12 On the getting-started lab workstation, in the left navigation bar, click the 
Linux_Home_Directories storage location. 
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After a few moments, a message displays indicating that NetStorage cannot access the location. 
This is because the ncp_edir user is not LUM-enabled and therefore has no SSH access to the 
server. 


13 Continue with the next section, Exercises for nss_edir. 


11.6 Exercises for nss_edir 


* Section 11.6.1, “What nss_edir Can Do,” on page 106 
¢ Section 11.6.2, “Using NetStorage,” on page 107 


11.6.1 What nss_edir Can Do 
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This user has the following service access: 


Table 11-5 nss_edir Service Access 





Service Details Explored for This User in This Guide 
iFolder 3.9 Can create and share its own iFolders and No 
accept invitations from others to share their 
iFolders. 
Novell AFP Can access any NSS directories to which it See Section 11.10, “Macintosh Exercises and 
has rights. Novell AFP,” on page 112. 


Access rights to directories are governed by 
the NSS file system, allowing the user to only 
see and do what it has rights for. 





Novell CIFS Can access any NSS directory to which it has Yes 
rights. 


Access rights to directories are governed by 
the NSS file system, allowing the user to only 
see and do what it has rights for. 





NetStorage Can access its home directory through Yes 
NetStorage because all home directories 
created through iManager and stored as 
attributes in eDirectory are exposed through 
the HOME@EXAMPLE_TREE default 
storage location. 





iPrint Can install and use the printer made available No 
in Chapter 9, “iPrint,” on page 83. 
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11.6.2 Using NetStorage 


1 Log in to the Windows workstation as the nss_edir user. 

2 When the iFolder wizard launches, click Cancel. 

3 On the Windows workstation in your browser, log into NetStorage by using the following URL: 
http://IP or DNS/netstorage 
where IP or DNS is your OES 11 SP2 server’s IP address or DNS name. 


4 Typenss_edir.USERS.LAB.COMPANY as the User Name, type the associated password in the 
Password field, then click OK. 


5 In the left navigation frame, click Home@EXAMPLE_TREE. 


This share point links directly to the NSS home directory for the user that is specified in 
eDirectory. 


6 Click File > Upload. 
If needed, allow the pop-up and repeat this step. 


7 Click the Browse button and navigate to the Shared Documents folder, then select the first file and 
click OK. 


8 Click the Plus sign (+) by the Browse button to add another field. Then click Browse, select the next 
file, and repeat this step until all four files are selected. 


9 Click Upload. 
10 Select MyPrivateFile.txt, then click File > Rename and rename the file to junk. txt. 
11 Upload MyPrivateFile.txt again. 
12 Right-click junk.txt and select Delete, then click OK. 


The file is removed from the list, but because this is an NSS volume with Salvage enabled, the 
file is not gone from the NSS file system. 


13 Click View > Show Deleted Files. 
14 Select junk.txt, then click File > Undelete. 

In Internet Explorer 8 you must allow the Windows script to run and repeat this step. 
15 Click OK. 

Notice that the file is still displayed as a deleted file. 


This is because NSS cannot track POSIX ownership of files for users that are not LUM-enabled. 
For more information, see “OES Services That Do Not Require LUM-Enabled Access But Have 
Some LUM Requirements” in the OES 11 SP2: Planning and Implementation Guide. 


If nss_edir were using the Novell Client, the file could be salvaged through the client, but 
because we are not exploring the Novell Client in this guide, this is a good place to look at a few 
of the administrative features for NSS volumes that are available to eDirectory Admin users 
through NetStorage. 


16 Continue with the next section, Administrative Tasks Available in NetStorage. 
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11.7 Administrative Tasks Available in NetStorage 


è Section 11.7.1, “Recovering the junk.txt File,” on page 108 
+ Section 11.7.2, “Setting Rights to TeamProjectReadOnly.txt,” on page 108 
+ Section 11.7.3, “Setting Rights to TeamProjectWrite.txt,” on page 108 


11.7.1 Recovering the junk.txt File 


1 Log in to NetStorage as the eDirectory Admin user and browse to the nss_edir home directory 
in the left frame. 


2 Click View > Show Deleted Files. 
3 Select junk.txt. 
4 Click File > Undelete, then click OK. 
In Internet Explorer 8 you must allow the Windows script to run and repeat this step. 
5 Click View > Refresh. 
You might have to refresh the Windows to see the deleted file. 


The file has been fully recovered. 


11.7.2 Setting Rights to TeamProjectReadOnly.txt 


1 Right-click TeamProjectReadOnly.txt and select Properties. 
2 Click Novell Rights. 
This displays the Novell File Trustee assignments for the file. 
3 Click the Browse icon next to the blank field under the Trustees list. 
4 Click EXAMPLE_TREE > COMPANY > LAB > USERS > AllUsers. 
5 Click the plus sign, then click the Novell Rights tab again. 





TIP: The first time you attempt this, you might get an error screen. In that case, right-click Back 
and try again. The next attempt should succeed. 





The AllUsers group members are now trustees of the TeamProjectReadOnly.txt file in the 
nss_edir home directory. 


Notice the check boxes to the right of the AllUsers group, indicating that the group has Read and 
File Scan rights to the file. 


6 Click Apply > Close. 
7 Continue with Setting Rights to TeamProjectWrite.txt. 


11.7.3 Setting Rights to TeamProjectWrite.txt 


1 If the previous file is still selected, deselect it. 
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11.8 


11.8.1 


Right-click options are only available on single files and are prevented if multiple files are 
selected. 


2 Right-click TeamProjectWrite.txt and select Properties. 
3 Select Rename Inhibit, select Delete Inhibit, then click Apply. 


N © of ff 
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The NSS file system is now set to prevent the file from being renamed or deleted by anyone, 
including nss_edir. 


Click Novell Rights. 

Click the Browse icon next to the blank field. 

Click EXAMPLE_TREE > COMPANY > LAB > USERS > LUMUsers. 
Click the plus sign (+), then click the Novell Rightsnww tab again. 


The LUMUsers group members are now trustees of the TeamProjectWrite.txt file in the 
nss_edir home directory. 


Notice the check boxes to the right of the LUMUsers group, indicating that the group has Read 
and File Scan rights to the file. 


Assign the group the Write right by selecting the check box to the right of the first one that is 
checked (the Read check box). 


Click Apply > Close. 


Continue with the next section, Exercises for nss_lum-edir. 


Exercises for nss_lum-edir 


+ 


+ 


Section 11.8.1, “What nss_lum-edir Can Do,” on page 109 
Section 11.8.2, “Using Novell CIFS File Services,” on page 110 


What nss_lum-edir Can Do 


This user has the following service access: 


Table 11-6 nss_lum-edir Service Access 





Service Details Explored for This User in This Guide 
iFolder 3.9 Can create and share its own iFolders and No 
accept invitations from others to share their 
iFolders. 
Novell AFP Can access any NSS directories to which it See Section 11.10, “Macintosh Exercises 
has rights. and Novell AFP,” on page 112. 


Access rights to directories are governed by 
the NSS file system, allowing the user to only 
see and do what it has rights for. 
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Service Details Explored for This User in This Guide 


Novell CIFS Can access any NSS directory to which it Yes 
has rights. 


Access rights to directories are governed by 
the NSS file system, allowing the user to only 
see and do what it has rights for. 





NetStorage Can access its home directory through No 
NetStorage because all home directories 
created through iManager are stored as 
attributes in eDirectory are made available 
through the HOME@EXAMPLE_TREE 
default storage location. 





iPrint Can install and use the printer made No 
available in Chapter 9, “iPrint,” on page 83. 


11.8.2 Using Novell CIFS File Services 


1 Log in to the Windows workstation as the nss_lum-edir user. 
2 When the iFolder wizard launches, click Cancel. 
3 On Windows 7, click Start > Computer > Map Network Drive. 
On Windows XP, open Windows Explorer or My Computer and click Tools > Map Network Drive. 
4 Click the Drive drop-down list and select an unused drive letter. 
5 In the Folder field, type the following: 
\\IP_or_DNS\home_nss. 
where IP_or_DNS is the IP address or full DNS name of the OES 11 SP2 server. 
6 Click Finish. 
The system maps the drive and opens at the root of the HOME_NSs volume. 


Normally, only the nss_lum-edir home directory would appear. However, because we granted 
group rights to two files in the nss_edir home directory, it also appears. 


7 Open the nss_edir home directory and notice that the two files are displayed, but the other files 
innss_edir are not. 


This illustrates the granular access capabilities of NCP file services. 


8 Open the TeamProjectReadOnly.txt file in a text editor, such as Notepad. Then change the file 
contents and try to save the changes. 


You are prevented from doing anything except reading the file, including saving the file with a 
different name. 


9 Open the TeamProjectWrite.txt file in the text editor. Then change the file contents and save 
the file. 


10 Close the file and reopen it in the editor. 
Your changes were saved because of the rights you have to the file. 
11 Close the file and try to delete it. 
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11.9 


11.9.1 


Some versions of Windows XP wrongly report that the file has been deleted. However, if you 
close the drive and reopen it, you will see that it is still there. See “Windows XP SP2 Wrongly 
Reports File Deletion.” 


12 Continue with the next section, Exercises for nw_edir. 


Exercises for nw_edir 


¢ Section 11.9.1, “What nw_edir Can Do,” on page 111 
è Section 11.9.2, “Using NetWare CIFS File Services,” on page 112 


What nw_edir Can Do 


This user has the following service access: 


Table 11-7 nw_edir Service Access 





Service Details Explored for This User in This Guide 
iFolder 3.9 Can create and share its own iFolders and No 

accept invitations from others to share their 

iFolders. 
NetWare AFP Can access any NSS directories to which it No 

has rights. 


Access rights to directories are governed by 
the NSS file system, allowing the user to 
only see and do what it has rights for. 





NetWare CIFS Because its home directory is on the Yes 
virtualized NetWare server, this user has 
automatic CIFS/SMB access to the directory 
(assuming the configuration steps in 
Section 7.2, “Enabling NFAP Services on 
the LAB_NW Server,” on page 74 are 
completed.) 





NetStorage Can access its home directory through No 
NetStorage because all home directories 
created through iManager are stored as 
attributes in eDirectory are made available 
through the HOME@EXAMPLE_TREE 
default storage location. 





iPrint Can install and use the printer made No 
available in Chapter 9, “iPrint,” on page 83. 
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11.9.2 Using NetWare CIFS File Services 


11.10 


ao F&F OO N PF 


Log in to the Windows workstation as the nw_edir user. 

When the iFolder wizard launches, click Cancel. 

Open Windows Explorer or My Computer and click Tools > Map Network Drive. 
Click the Drive drop-down list and select an unused drive letter. 

In the Folder field, type the following: 

\\IP_or_DNS\home_nw 

where IP_or_DNS is the IP address or full DNS name of the LAB_NW server. 





TIP: After doing so many exercises involving the OES 11 SP2 Getting-started Lab server, it is 
easy to use the wrong IP address or DNS name. Make sure you are accessing your virtualized 
NetWare server. 





Click Finish. 
The system maps the drive and opens at the root of the HOME_NW volume. 


Navigate to the Shared Documents folder, then drag and copy the four files to the nw_edir 
folder. 


Continue with the next section, Macintosh Exercises and Novell AFP. 


Macintosh Exercises and Novell AFP 


Most of the exercises you have performed in this guide can also be performed on a Macintosh 
workstation, so we will not repeat them. 


OES 11 SP2 includes iPrint and iFolder clients for the Mac, and NetStorage and iFolder Web services 
work equally well on most browsers, including those on mobile devices. 


Novell CIFS even works well with the Macintosh file sharing functionality. 


To explore Novell AFP on your getting-started lab’s Macintosh workstation, do the following: 


1 While logged into the workstation, click the Finder, then click Go > Connect to Server. 


2 


In the Connect to Server dialog box, type the OES 11 SP2 server’s IP address or DNS name, then 
click Connect. 


3 Type an nss* user’s name and password and click Connect. 


You should see the folders on the HOME_NSS volume to which the user has access rights. 
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11.11 What’s Next 


Your getting-started lab is now set up and ready to use for building your experience with OES 11 SP2. 


The exercises in this guide have highlighted only a few major points and features. There are 
numerous additional things worth exploration. 


After you complete the exercises in this guide, we recommend that you do the following: 


1. Think about the needs of your organization and how the various OES 11 SP2 product 
components can help you address those needs. 


2. Think about your network users and their file and print service needs. Match them against the 
different user types created in this guide. Then take the opportunity to do some hands-on 
exploring of the access capabilities and limitations for the matching users. For example, set up 
and experiment with the privacy and collaboration capabilities for each user through both NCP 
and POSIX. 


3. Begin planning your organization’s eDirectory tree and the rollout of OES 11 SP2 services to 
your organization. 


As you plan for, work with, and install OES 11 SP2, be sure to consult the other OES 11 SP2 product 
documentation mentioned in “If You Want to Use This Guide as a Reference” on page 8. 
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A.1 


Supplementary Information 


This section contains supplementary explanations and instructions. 


¢ Section A.1, “NSS Partitions, Pools, and Volumes,” on page 115 


¢ Section A.2, “iManager Tomcat Error,” on page 118 


NSS Partitions, Pools, and Volumes 


For a complete discussion about NSS, refer to the OES 11 SP2: NSS File System Administration Guide for 


Linux. 
This section presents the following: 


+ A quick overview of the three Linux partitions on your getting-started lab server 


+ A general overview of NSS partitions and the mechanisms that let you create NSS volumes on 


them 
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Figure A-1 Partitions, Pools, and Volumes 
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Reference Letter Explanation 


Partitions are physical sections on a hard disk that are managed by a file system. 
The most common file systems on Linux servers today are Ext3, Reiser, and XFS. 





The boot partition on your getting-started lab server is managed by the Exts file 
system. The files and configuration data it contains start the server. 





The swap partition is managed by a file system that swaps information between 
memory and the disk, thus augmenting the RAM installed in the server. 





©2|e/01@ 


The / (root) partition on your server is managed by Ext3 and stores all the getting- 
started lab server’s system and data files, including OES services, eDirectory, and 
so on. 
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Reference Letter 
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Explanation 


OES servers can also include NSS partitions. These are similar to Linux partitions in 
that they occupy physical disk space, but they are also significantly different in a 
number of ways. 


1. You create the Linux partitions shown in this illustration during OES 11 SP2 
installation. 


You always create NSS partitions after the OES installation is completed. 


2. You create Linux partitions by allocating an amount of disk space to the 
partition and assigning it a mount point, such as /boot, /home, or / (root). 


You create NSS partitions by creating an NSS pool (see G) and assigning 
space on the server’s storage devices (physical or logical disks) to the pool. 
The space you assign to a given pool from a specific disk is designated on that 
disk as an NSS partition. 


3. On Linux, files are stored on a partition. 


On NSS, files are stored in an NSS volume—a logical mechanism that can 
span multiple NSS partitions and also the devices that contain them. 


4. On Linux, a partition is allocated a set amount of disk space on a single device. 
The amount of disk space that can be used is limited by the size of the partition. 


NSS volumes are not bound by individual partition or device sizes. Rather, they 
take disk space from their assigned NSS pool as needed. 





1. Additional disk space can be dynamically added to NSS pools as needed, and 
NSS volumes can grow dynamically in return as long as there is free space 
available in the pool, unless the volume size has been restricted by an 
eDirectory Admin user. 


IMPORTANT: The illustration shows the NSS pool spanning NSS partitions on both 
the server’s primary hard disk and a second hard disk, which could be added later. 
The NSS pool contains an NSS volume (HOME_NSS in this case) that contains the 
NSS volume data (illustrated in red). The NSS pool also has free space that is not 
yet allocated to a volume (illustrated in white). 


Free space and volume data aren't necessarily distributed across all partitions, or 
distributed evenly as the graphic might imply. The NSS file system manages what 
each partition contains, independent of any administrative controls. 





The NSS file system logically combines multiple partitions to form pools of space (up 
to 8 TB in size) that can span multiple devices. 


In the illustration, POOL_LX contains two NSS partitions that are created from the 
unformatted space on both hard disks when the pool is created. 


In some ways, NSS pools are like pools of water. The space from each partition is 
logically “poured” into an NSS pool and made available to the pool’s assigned 
volumes, such as HOME_NSS. Neither the volume nor the users with rights to 
access it know which physical partitions contain the disk space actually being used. 


Of course, the NSS file system continues to track each partition below the surface, 
but from a logical standpoint, all of the disk space assigned to a pool is one 
continuous source of disk space. 





The sole purpose of NSS pools is to provide storage space from which you can form 
one or more NSS volumes. 


Your getting-started lab server contains a single NSS pool named POOL_LX witha 
single NSS volume named HOME_NSS. The pool's free space is unallocated until 
used. 
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Reference Letter Explanation 


oO The instructions for creating the HOME_NSS volume leave the option set to have 
the volume grow to the pool size. As additional space is needed, the HOME_NSS 
volume automatically expands into the free space shown. 





© Free space in the pool is not reserved for the HOME_NSS volume; instead, space is 
allocated to HOME_NSS as needed. You can optionally add other volumes to the 
same pool and, in a sense, “overbook” the pool's free space. 





Q You can also grow the pool as needed by adding more NSS partitions to the pool. 


A.2 iManager Tomcat Error 


If you experience a Tomcat error when attempting to access iManager 2.7, the likely cause is a 
corrupted browser cookie. Clearing the browser cookies should solve the problem. 


1 In Firefox, click Tools > Clear Private Data. 
2 Select Cookies. 

3 Deselect the other options. 

4 Click Clear Private Data Now. 
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